• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
BW Businessworld

Time to Prevent Cyberthreats Lurking around India’s Educational Institutions

There has been greater awareness about the implications of cyber threats. However, the education sector has somewhat lagged behind industry peers in the APAC region

Photo Credit :


Across the world, the year 2016 turned out to be quite eventful for cyber security with multiple, major threats and breaches reported. 

Broadly speaking, we understand cybersecurity as the preventive techniques used to protect the integrity of networks, programs and data from attack, damage, or unauthorised access. Over the years, cybersecurity has become a massing undertaking with the growing need to protect information and systems from major cyber threats, such as cyber terrorism, cyber war fare and cyber espionage. Furthermore, the impact of these threats on a personal level is getting more significant as we immerse ourselves in a world that depends on all things digital. 

The awareness-adoption gap

Among organisations in general, there has been greater awareness about the implications of cyber threats. However, the education sector has somewhat lagged behind industry peers in the APAC region: While studies have not concluded the presence of a direct correlation between awareness and spending, only 66 percent of educational institutions (compared to 79 percent of financial institutions, for example) spent between 5 percent and 15 percent of their IT budgets on cyber security. Yet, as recent attacks on institutions of higher learning indicate, data on research, enrolment and student records that sit within school campusescan be of great value.

As many as 76 percent of organisations in Asia-Pacific set aside at least 5 percent of their IT budgets towards cyber security this year, and about two-thirds of them claim an increase in budget allocation from last year. Yet the education sector’s adoption levels, at 66 percent, have remained below average. Despite the less-than-adequate adoption levels, a whopping majority of the education sector reports a feeling of being well-protected. 

Need to adopt quickly

Cybersecurity solutions, too, have become more sophisticated – with the most advanced systems integrating automation to optimise prevention. However, the adoption of these measures leaves much to be desired, and this is particularly true for the education sector. In general, adoption is predictably lower in industries and institutions that are less technologically savvy. While 73 percent of the education sector in the APAC region suffers from outmoded infrastructure, as much as 72 percent of the schools surveyed are confronted with the practice of employees downloading unauthorised documents and software. Antivirus and firewalls are no longer adequate by the new standards, yet two out of three companies rely on those methods alone. Meanwhile, two-factor authentication, anti-ransomware, and biometrics have low patronage. In spite of all the low (45 percent) adoption of sophisticated counter measures, the confidence level among the educational institutions is as high as 86 percent. That lack of threat perception poses the kind of vulnerability that can be disastrous. 

Additionally, the ageing internet infrastructure and internal threats constitute the top reasons why the education sector in Asia-Pacific is still vulnerable to cyber attacks. Budget allocation to more sophisticated cybersecurity is a prominent barrier in its adoption—only 42 percent of educational institutions are seen to have adequate allocations. 

As the education sector burgeons in India, it is exposed to internal and external threats, leaving schools, colleges and research institutions vulnerable. Experimenting young minds who may take cyber risks at the cost of potential threats, unauthorised downloads are a critical example that pose a special threat. The education sector in India is digitizing itself, with technology driven education coming up as a separate high growth industry as well. Education technology relies on broadband and optic fibre, and both these compound the already existing challenge of relative naiveté among both institutions and users.

Inefficiency or insufficiency of cyber security measures put more at stake. The cost of a breach is substantial—arguably, higher than the risks many companies seem to take by not investing enough on cybersecurity. In India, the figure is as high as Rs 25,000 crores and is expected to rise exponentially over the next decade.

Towards a strong policy 

The National Cyber Security Policy 2013 is a solid document of vision for the Indian environment. It is especially important in an environment where products and solutions for the education sector are available across international borders, transcending laws. In protecting youngsters from cyber “exposure”, the document could also consider some cyber threats as threats to national security. Some of these gaps are addressed in The National Association of Software and Services Companies (Nasscom) and Data Security Council of India (DSCI) launched by the Growing Cybersecurity Industry, Roadmap for India report of December 2016. In it, Nasscom identifies the lacunae in India’s cybersecurity policy and recommends 16 progressive policy measures, including tax breaks and cluster -funded cybersecurity ventures.

Meanwhile, the education sectorfinds itself in a contradiction of sorts. On one hand,its rapid growth in India parallels the growth of IT systems to support it. On the other, the nascence of its growth has placed the sector in an especially vulnerable zone. As is the case throughout the Asian region, the Indian education sector is behind its world counterparts in grasping advanced cybersecurity systems that are available at its disposal. Despite its problems, this is a sector that does not figure on top of policy priority, in preference to finance and IT. As one of the fastest-growing migrants towards technology, and given the massive potential of the emerging technology-based education practices such as Massive Open Online Courses (MOOC), the Indian education sector must educate itself on cybersecurity quickly.

Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.

Tags assigned to this article:
cyber attacks cybersecurity education

Anil Bhasin

The author is Regional Vice President, India and SAARC Region, Palo Alto Networks

More From The Author >>