Netwrix, a cybersecurity software company, recently released additional findings regarding the state of cybersecurity in the education sector. These findings were based on a survey of 1,610 IT and security professionals from over 100 countries.
According to the survey, a staggering 69% of organizations within the education sector reported experiencing a cyberattack within the last 12 months. This highlights the vulnerability of educational institutions to cyber threats. The most common attack methods observed in the education sector were phishing and user account compromise. In comparison, other industries reported phishing and malware attacks, such as ransomware, as the top threats.
Interestingly, the survey revealed that 3 out of 4 cyberattacks (75%) targeting the education sector were associated with compromised on-premises user or admin accounts. In contrast, this percentage was lower for other sectors, standing at 48%. This suggests that educational institutions are more susceptible to attacks that exploit weaknesses within their internal systems.
Dmitry Sotnikov, VP of Product Management at Netwrix, shed light on the challenges faced by educational organizations. These institutions handle a wide range of accounts belonging to staff, third-party contractors, educators, students, and alumni. Turnover among these accounts is high, making it difficult to consistently train users in security best practices. Furthermore, students may lack experience in identifying phishing emails or fake websites that request their credentials.
To address these challenges and improve cybersecurity measures in the education sector, Sotnikov stressed the importance of mandating security training within the first few weeks for all users and repeating it on a regular basis. This ongoing training will help educate users about potential risks and teach them how to identify and avoid phishing attacks.
Dirk Schrader, VP of Security Research at Netwrix, also provided insights into the specific vulnerabilities faced by educational institutions. Due to the need for research and collaboration, these institutions often provide a variety of shared devices and systems that are exposed to the internet, creating a massive attack surface. Schrader emphasized the need for strong password policies, the implementation of multifactor authentication (MFA), and adherence to the least privilege principle. Additionally, he recommended the use of automated detection and response solutions to efficiently handle account compromise and abuse.
Overall, these findings highlight the pressing need for the education sector to enhance its cybersecurity measures. Educational institutions must prioritize security training for all users and implement strong password policies, MFA, and automated detection and response solutions to mitigate risks. By proactively addressing these challenges, educational organizations can better protect themselves from cyberattacks.
To gain further insight into the state of security trends, Netwrix encourages interested parties to access its comprehensive 2023 Hybrid Security Trends Report. This report provides a deeper analysis of the cybersecurity landscape and offers valuable recommendations for organizations across various industries.
