According to a report by Quorum Cyber, educational institutions worldwide experienced a notable surge in cyberattacks last year. The threats stem from various factors, including geopolitical tensions, ransomware attacks, and increasing hacktivism. The information comes from Quorum Cyber’s 2026 Global Cyber Risk Outlook for Higher Education, which utilizes FalconFeeds.io threat intelligence data from November 2023 to October 2025.

The report highlights a staggering 63% rise in recorded incidents, escalating from 260 attacks during the previous year (November 2023 to October 2024) to 425 incidents in the following year (November 2024 to October 2025). This alarming trend extends across 67 countries, where reported data breaches surged by 73%. Furthermore, hacktivist activities increased by 75%, while ransomware attacks saw a growth of 21%.

The data indicates that universities are particularly vulnerable to threats emanating from nation-states aiming to steal high-value research, especially in fields like artificial intelligence, quantum computing, and advanced materials. Quorum Cyber speculated that educational institutions are prime targets due to the nature of their work and the sensitive information they handle.

Hacktivism has manifested itself in various forms, including Distributed Denial of Service (DDoS) attacks, defacement of websites, and threats of data leaks. The report specifically noted a rise in activities from Iranian threat actors, which further complicates the cybersecurity landscape for educational entities.

Additionally, the presence of infostealer malware, along with financially motivated ransomware attacks, has been a consistent concern throughout the reporting period. Notably, certain groups, including FunkSec, Cl0p, and INC, have emerged as among the most active cybercriminal organizations, with each claiming significant proportions of the recorded ransomware activity.

In light of these persistent threats, Quorum Cyber has outlined several essential mitigation strategies for educational institutions aiming to bolster their cybersecurity defenses. Among their recommendations are:

1. Intelligence-led Vulnerability Management: Institutions should employ up-to-date information to prioritize vulnerabilities that require immediate patching, ensuring that the most significant risks are addressed promptly.

2. Dark Web Monitoring: By keeping an eye on the dark web, institutions can receive early warnings for any leaked credentials or breaches involving third parties.

3. Robust Backups: It is recommended that institutions maintain three copies of critical data on two different devices, with one of these copies stored offline in a separate location to safeguard against data loss.

4. Incident Response Exercises: Regular tabletop exercises should be conducted to ensure that incident response plans and playbooks are effective and well understood by all team members.

5. Password Management: Strong and unique passwords should be implemented for all accounts, and users are encouraged to utilize password managers for secure storage.

6. Social Engineering Policies: Institutions must introduce measures to harden helpdesk operations, enhance user awareness through training, implement phishing-resistant multi-factor authentication (MFA), and enforce the principle of least privilege for user access.

Ambrose Neville, the head of information security at Queen Mary University of London, remarked on the distinct challenges facing higher education institutions. He pointed out that the culture of openness and collaboration, which is fundamental to the operation of educational entities, complicates efforts to secure systems. This contrasts sharply with other industries that may be able to impose more stringent access controls.

Neville emphasized the importance of security resilience, stating, “It’s critical to know where you’re exposed, spot threats early, and respond quickly before incidents escalate.” This perspective underscores the need for a balanced approach to cybersecurity, especially in an environment where fostering an open academic culture remains a priority.

As cyber threats become more sophisticated and prevalent, the need for cohesive and proactive cybersecurity strategies in the education sector has never been more critical. Institutions must be prepared to navigate these challenges while safeguarding their valuable research and maintaining the continuity of their educational missions. With comprehensive preventive measures and a focus on resilient security practices, educational institutions can better equip themselves for the evolving threat landscape.

Source link