- ‘Extensive storage’ of sensitive data
- Pay disparity among IT professionals
- Warning about pupils’ gadgets
The education sector in the GCC has emerged as a prime target for cybercriminals because of budgetary constraints and a lack of expertise, tech experts have told AGBI.
“Schools, in particular, are vulnerable due to their extensive storage of sensitive personal information and comparatively lower investments in cybersecurity,” said Ram Narayanan, country manager at Check Point Software Technologies, a US-Israeli cybersecurity company.
Morey Haber, chief security adviser at cybersecurity specialist BeyondTrust, pointed to the issue of salaries for cybersecurity professionals in education.
“The education system generally does not compensate employees as highly as some other sectors,” Haber said.
“This, coupled with smaller and less experienced cybersecurity teams, leaves educational institutions ill-equipped to defend against sophisticated cyberthreats.” That can lead to “basic mistakes”, Haber said.
Narayanan said students’ use of personal devices such as tablets, which may not be adequately equipped with security software, amplified the risk of data breaches.
- Mena cybersecurity spend grows to $3.3bn to fight AI crime
- UAE is a ‘prime target’ for ransomware attacks
- Opinion: Chasing the elusive gold star for Gulf schools
Education is the sector most affected by cyberthreats in the GCC, according to research presented by Help AG, a unit of e& (formerly Etisalat) at the GISEC cybersecurity conference held in Dubai last week. Aviation and healthcare were also prime targets, Help AG said.
The Gulf’s education sector is expanding as the region’s school-age population increases. The GCC needs about 1,100 extra schools to reach a total of more than 35,200 by 2027, a report published by Alpen Capital last August said.
Gems Education, the largest schools group in the UAE, was the target of a cyberattack in February 2022. It told parents at the time: “Thanks to our robust business continuity plans, impact to our operations has been minimal.”
Aaron Bugal, chief technology officer at Sophos, a UK-based security software provider, said GCC schools should take a proactive approach to thwart cybercriminals.
“By understanding nominal patterns in access and movement of students and faculty it becomes easier to spot when abnormal activity is apparent and have the ability to stop it before it turns into a security event,” Bugal said.