Netwrix, a cybersecurity vendor specializing in data security, has released additional findings for the education sector from its recent survey of IT and security professionals. The survey, which encompassed 1,610 participants from more than 100 countries, revealed that 69% of organizations in the education sector experienced a cyberattack within the past year.
Among the attack methods identified, phishing and user account compromise were found to be the most prevalent in the education sector, while phishing and malware (particularly ransomware) were the top attack paths in other verticals. Additionally, the survey showed that 75% of attacks in the education sector were linked to compromised on-premises user or admin accounts, compared to 48% in other sectors.
Dmitry Sotnikov, the Vice President of Product Management at Netwrix, attributed the higher vulnerability in the education sector to the diverse range of accounts handled by educational institutions. Such institutions manage accounts for staff, third-party contractors, educators, students, and alumni, all of which have a high turnover rate. Sotnikov explains that even with automated identity management, maintaining user awareness of security best practices is challenging due to the continuous influx of new users. Furthermore, students may lack experience in recognizing phishing emails or fake websites attempting to obtain their credentials. Sotnikov suggests that implementing security training within the first few weeks and reinforcing it regularly is crucial in addressing these challenges.
Dirk Schrader, the Vice President of Security Research at Netwrix, highlighted another risk factor present in educational institutions. He pointed out that to facilitate research and collaboration, these institutions frequently provide shared devices and systems exposed to the internet, creating a significant attack surface. To mitigate this risk, Schrader emphasizes the importance of enforcing robust password policies, which prevent the use of weak and compromised passwords, and implementing multifactor authentication (MFA). Adhering to the least privilege principle, which restricts user access rights to only what is necessary for their roles, is also essential. Additionally, Schrader suggests utilizing automated detection and response solutions to effectively handle account compromises and abuse.
For a deeper understanding of the overall security trends, Netwrix encourages individuals to consult the complete 2023 Hybrid Security Trends Report, which provides comprehensive insights into the changing landscape and emerging threats.
Netwrix, founded in 2006, aims to make data security easy for organizations. Its solutions simplify the lives of security professionals by identifying and protecting sensitive data, reducing the risk of breaches. Moreover, Netwrix helps organizations detect, respond to, and recover from attacks, thereby limiting their impact. Over 13,500 organizations worldwide rely on Netwrix solutions to enhance their security and compliance posture across data, identity, and infrastructure attack vectors.
To obtain further information about Netwrix and its solutions, interested parties can visit www.netwrix.com.