Safeguarding Educational Institutions in the GCC from Cybercrimes

Tamer Odeh, Regional Director for the Middle East at SentinelOne, highlights techniques and methods suggested for preventing cyber-attacks on educational institutions.


Following the reopening of schools in late August, one school in the UAE welcomed only 11 students, as opposed to the expected 5,000 students, proving that parents are still hesitant about sending their kids to school and that they will be depending on e-learning this semester.

Ever since the lockdown earlier this year, schools have been using new technologies and programs to guarantee the continuity of education. For example, schools started using a range of video communication tools, such as Zoom and Microsoft Teams. Additionally, they were urged to monitor their students and teachers by deploying varied technologies that involve the collection, storage and sharing of personal information.

With schools' increased dependency on online applications and platforms, there has been a rise in cyber threats, which can be dangerous to children. The numbers of cyberattacks and hackers are booming. A study that focuses on the UAE and Saudi Arabia shows that cyber specialists have reported a significant increase in extortion and ransomware attempts. Scammers took advantage of COVID by issuing phishing emails with donation requests and offers to provide relief that appear to come from legitimate sources.

This in turn creates a higher risk of student or teacher impersonation due to reduced controls. Moreover, video teleconference platforms have seen increasing attacks from online trolls who disrupt online classes with offensive content through the platforms’ screen sharing features.

It is no coincidence that schools are among the most attacked. Schools manage substantial sums of money, store personal information for students and teachers and connect with many external bodies and providers and, of course, parents, who primarily communicate with the school via email. This means schools have a very large attack surface.

Additionally, students make for easy victims of phishing scams. Students’ lack of experience combined with a tendency to use simple passwords across multiple platforms makes them prone to credential harvesting and password-spraying attacks. In addition, the awareness of parents, teachers and faculty regarding cyber risks is often much lower in education than in other sectors.

Further exacerbating the security situation is that educational establishments typically have a limited number of staff dedicated to security. Unlike banks, schools typically do not have dedicated information security personnel who are engaged in 24/7 protection.

Ways to decrease cyberattacks for schools:

A program of staff education and training is important for creating a culture of suspicion and vigilance in schools. Sharing real-world examples with staff and testing resilience is important too, but even the best of us have the weakest of moments. The risk can be reduced but cannot be eliminated with training alone. It can be reduced further with email security products that include features such as:

• URL scanning of inbound or archived email, which does not allow clicks through to target sites until the site can be checked for malware

• Detecting weaponized attachments in the mailbox and redirecting them to a sandbox before delivery

• Protection against impersonation, social engineering, typosquatting and masking
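The impersonation and typosquatting checks in the last bullet can be sketched as follows. This is an added example, not code from the article or from any vendor product; the domain `example-school.ae`, the staff names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for illustration: the school's real mail domain and staff display names.
TRUSTED_DOMAINS = {"example-school.ae"}
STAFF_NAMES = {"amina rahman", "finance office"}

# Characters commonly swapped in to build a look-alike domain (digits, Cyrillic letters).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",
})

def skeleton(domain):
    """Fold a domain to a canonical form so visually similar spellings compare equal."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Label a From: header: trusted, lookalike-domain, display-name-impersonation, external."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Distance is measured after folding, so "examp1e" and "exarnple" score 0.
        if edit_distance(skeleton(domain), skeleton(trusted)) <= 2:
            return "lookalike-domain"
    # Staff name shown to the reader, but the address is on an unrelated domain.
    if display.strip().lower() in STAFF_NAMES:
        return "display-name-impersonation"
    return "external"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Finance Office <fees@examp1e-school.ae>",
    "Amina Rahman <amina.rahman@mail.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), "-", header)
```

The `trusted` label rests on the header text alone; whether that header can be believed is decided by the message's SPF, DKIM and DMARC results.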

Ransomware only has rights to change and encrypt files if the infected user does. Controlling user access to critical network resources is necessary to limit exposure to this and ensure lateral movement is made more difficult.

Therefore, it is critical to ensure privileges are kept up to date and that users can only access the files and network locations required for their duties.
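A privilege review of this kind can be expressed as a comparison between what each account can write to and what its duties require. The following is an added example, not part of the original article; the group names, share names, ACLs and duty mapping are constructed sample data.

```python
# Constructed sample data: group membership (groups may nest) and share ACLs.
GROUPS = {
    "all-staff": {"teachers", "finance", "reception"},
    "teachers": {"t.khan", "s.ali"},
    "finance": {"f.noor"},
}
ACL = {
    "lesson-plans": {"teachers": "rw", "all-staff": "r"},
    "student-records": {"all-staff": "rw"},        # over-broad grant
    "payroll": {"finance": "rw", "t.khan": "rw"},  # stale direct grant
}
# Assumption: the shares each account needs to write to for its duties.
REQUIRED_WRITE = {
    "t.khan": {"lesson-plans"},
    "s.ali": {"lesson-plans"},
    "f.noor": {"payroll"},
    "reception": set(),
}

def principals_of(user, groups=GROUPS):
    """Return the user plus every group they belong to, directly or through nesting."""
    found = {user}
    changed = True
    while changed:  # repeat until no new group is discovered; safe with cyclic nesting
        changed = False
        for group, members in groups.items():
            if group not in found and members & found:
                found.add(group)
                changed = True
    return found

def writable_shares(user, acl=ACL):
    """Shares that ransomware running as this user could modify or encrypt."""
    who = principals_of(user)
    return {
        share
        for share, grants in acl.items()
        if any("w" in rights for principal, rights in grants.items() if principal in who)
    }

def excess_write(user):
    """Write access the user holds beyond what their duties require."""
    return writable_shares(user) - REQUIRED_WRITE.get(user, set())

def review():
    """Map each account with excess write access to the shares to revoke."""
    return {u: sorted(excess_write(u)) for u in REQUIRED_WRITE if excess_write(u)}

if __name__ == "__main__":
    for user, shares in review().items():
        print(f"{user}: revoke write on {', '.join(shares)}")
```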

Almost all organizations have endpoint security; however, to prevent ransomware, static detection and antivirus are no longer enough. Having advanced features in your endpoint protection and the ability to perform endpoint management and hygiene from a centralized management system is increasingly important.

Good endpoint security should include multiple static and behavioural detection engines, using machine learning and AI to speed up detection and analysis. It is also important to have exploit protection, device control, access control, vulnerability and application control. Adding endpoint detection and response (EDR) to the mix provides forensic and root cause analysis. Immediate response actions such as isolation, transfer to a sandbox and rollback features that automate remediation are also important considerations.

Having these features in one platform and one agent capable of protecting all devices and servers will ensure centralised visibility and control for your cybersecurity team across your entire endpoint estate.

As we have seen, schools and academia are in the crosshairs of cybercriminals and will continue to be so for the foreseeable future. But educational institutions can also offer some hope of future relief. Policymakers understand that cyber education should start at an early age.

The importance of protecting our education system from cybercrime cannot be overstated. Not only do schools, colleges and universities provide vital services to our society and economy, they are rich treasure troves of sensitive data. From personal information like birth records, educational history, social security numbers and financial data to intellectual property and cutting-edge research, the data held by these organizations is among the most useful to cybercriminals and advanced threat actors. And yet, these storehouses of precious data are perhaps among the least well-defended and under-funded in terms of cybersecurity. As a result, it’s imperative that administrators and policymakers address these shortcomings as a matter of urgency.