The education sector continues to face a growing complex of cybersecurity threats. While the education industry has been under high attack for several years, the forced move to remote and online learning as a response to the coronavirus pandemic in early 2020 has blown the gates off. At this point, 87% of educational institutions have experienced at least one successful cyberattack, and 36% of universities in the United Kingdom are hit with a successful cyberattack every hour.
Today, social engineering attacks like phishing, ransomware, and denial-of-service attacks are growing in frequency and ferocity, and it is not slowing down. The education sector is ripe for massive disruption through these attacks as the industry relies on online learning platforms. Therefore, giving threat actors the opportunity to wreak havoc at the most inopportune times.
The lack of systemic preparedness is putting the sector in the crosshairs of threat actors, and Microsoft reports that more than 60% of monthly malware attempts in Microsoft 365 are focused on the education sector. Additionally, schools' students are a dangerous source of insider cyberattacks and weaknesses as they can share (unintentionally, hopefully) their login details for online classes, leading to denial-of-service attacks against school districts.
Here are just a few key insights to understand the state of cyber security in the education sector, focusing on the issues that institutions have and the potential there is to improve their cybersecurity efforts.
The education sector is ill-prepared
When it comes to addressing cyber security, the education sector has been and continues to be ill-prepared, which is ironic despite their growing reliance on technology for school, university operations, teaching, and research. This industry alone has long-running characteristics that make it susceptible to cyberattacks, and because of the Coronavirus pandemic from early 2020, the push to remote and online learning has led the education sector further away from safety.
Currently, the cyberthreats that the education sector must face include ransomware, social engineering tactics like phishing, and attacks against third-party vendors, such as portals, Learning Management Systems (LMS), and others. There is also low staff awareness of cyber security principles like recognizing a phishing email, and many IT teams in schools lack the people and financial resources necessary to manage cyberattacks effectively.
Phishing and ransomware will continue to be key attack vectors. Perfectly timed maximum-disruption incidents will be an important objective for threat actors for as long as online learning continues to dominate delivery methods, and from this, the price of ransom demands will only increase.
Best practices for cybersecurity
Addressing the cyber security threats facing the education sector requires new and better solutions, including stronger multi-factor authentication methods, more effective anti-phishing defenses, and approaches that reduce the impacts and risks of cyberattacks in schools. Equally as important is to enlist the people within the sector in the fight against cyberthreats. In this case, the best practices for cybersecurity include such cybersecurity defenses as developing a risk assessment for your institution, assessing the cybersecurity preparedness of third-party vendors in the vendor selection process, and securing cyber insurance coverage.
Overall, something new and improved must be done to enact cybersecurity defenses and develop approaches to safeguard institutions, the data they are responsible for, and the staff, faculty, and students who work or study within.
In this whitepaper, we look at the cybersecurity threats the education sector faces and highlight new security solutions, like different methods for multi-factor authentication (MFA).
Download this whitepaper to learn more about:
• The education sector's characteristics making it susceptible to cyberattacks
• How elevated security protections without improving convenience will fail
• Best practices for cybersecurity preparedness