Page 17 - Risk Management Bulletin Jan- Mar 2022
P. 17
RMAI BULLETIN JANUARY - MARCH 2022
design, committee oversight, detailed roles and activities says a lot about their business. Having a good
responsibilities, resource requirements. hold on outsourcing is necessary to mitigate associated
threats and vulnerabilities ranging from the
b) Strategy & Objectives: ORM goals, design ORM
operational impact of third-party failures to the
framework, capabilities and skills, development
reputational impact of poor work practices of third
c) Policies: ORM policy design, integration with other
parties.
policies and standards
d) ORM tools and Processes: Data loss governance, But it also sets the standard by which third parties will
alignment with strategic planning and accounting perceive the organization and managed effectively,
could open the door to strategic opportunities
e) Supporting Systems: Business requirements,
emanating from positive cost-reduction and
Vendor selection, Change management
innovation. Organizations that lose control of their
f) Measures and Reporting: KRI, Internal ORM
management of outsourcing face heightened
reporting flows, External ORM disclosure
regulatory scrutiny, reputational damage and,
requirements
ultimately, consumer backlash.
Conclusion: Reference:
To Conclude, the way a firm manages its outsourcing Various Sources.
Biggest target of cyber threats is Indian education
sector, says report
According to a report titled 'Cyber Threats Targeting the Global Education Sector', India is the biggest target
of cyber threats to educational institutions and online platforms followed by the USA, the UK, Indonesia and
Brazil. The key triggers that enlarged the attack surface includes the adoption of remote learning during the
Covid-19 pandemic, digitisation of education, and prevalence of online learning platforms.
The report also claimed that data shows a 20% increase in cyber threats to the global education sector in
the first three months of 2022 when compared to the corresponding period of 2021.
"Of the threats detected in Asia and Pacific last year, 58% of them were targeted at Indian or India based
educational institutions and online platform. Indonesia was distant second being the target of 10% cyber
threats. This included attacks on BYJU's, IIM Kojhikode and Tamil Nadu's Directorate of Technical Education,"
the report said. The report findings indicate that several cybercriminals are actively leaking databases,
accesses, vulnerabilities and exploits, and other information belonging to educational institutions, on
cybercrime forums.
"Databases and accesses are the most commonly sought after data types. The databases leaked from
educational institutions primarily contain information Personally Identifiable Information (PII) of students
and their families, including name, date of birth, email address, phone number, and physical address; website
user records and credentials and examination results and scores," it said.
"Overall, the USA was the second most affected country across the globe with a total of 19 recorded incidents,
accounting for 86%of the threats in North America. These include ransomware attacks on prestigious
institutions such as Howard University and University of California. In addition, high-risk API vulnaribilities
were uncovered in Coursera, the massive open online course provider," the report added.
The report has been compiled by the Threat Research and Information Anayltics Division of CloudSEK, a
Singapore-based AI-driven Digital Risk Management Enterprise.
The experts have asserted in the report that given the size and impact of the education sector, it is critical
for institutions, students, parents, teachers, and the government to ensure that the information gathered
and stored is not leaked and exploited by cybercriminals.
15
