Malicious actors have increasingly set their sights on K-12 and higher education institutions, labeling them as an “industry of industries” due to the extensive private data that flows through these entities, as outlined in Microsoft’s recent report. Hackers find a treasure trove of valuable information within these systems, ranging from financial data to health records and other sensitive data, making them prime targets for exploitation, the Threat Intelligence report from Microsoft elaborated.
According to Microsoft, the unique combination of value and vulnerability present in educational systems has attracted a wide range of cyber attackers, from cyber criminals deploying innovative tactics to nation-state threat actors employing traditional espionage methods. These bad actors leverage various vulnerabilities within the education sector, such as limited security staffing, challenging-to-secure IT systems, the prevalence of virtual/remote learning environments, widespread QR code usage, open email systems, inadequate funding, and more. Additionally, the presence of users, some as young as 6 years old, who lack awareness of safe cybersecurity practices, further compounds the security risks within these institutions.
On a weekly basis, educational organizations face an average of 2,507 attempted cyberattacks, originating from nation-state groups to ransomware gangs. Universities pose unique challenges due to their culture of sharing information, research, and innovation, which can attract malicious attention, Microsoft’s research revealed.
Microsoft identified several nation-state threat actors, including Peach Sandstorm, Mint Sandstorm, Mabna Institute, Emerald Sleet, and Moonstone Sleet, with a mention of Storm-1877 still under development. To defend against these threats, education institutions are encouraged to adopt a comprehensive security curriculum, emphasizing core cyber hygiene practices and promoting cyber awareness across all levels, including students, IT personnel, and faculty. Microsoft also recommends strengthening overall security posture, centralizing technology infrastructure, and implementing robust monitoring mechanisms to identify potential vulnerabilities effectively.
Highlighting exemplary efforts in cybersecurity, Microsoft showcased institutions like Oregon State University and the Arizona Department of Education. Oregon State University strengthened its cybersecurity practices following a significant security incident by establishing a Security Operations Center (SOC) and leveraging AI and automated capabilities. Meanwhile, the Arizona Department of Education focuses on zero-trust principles, restricting traffic outside of the US from accessing its 365 environment, Azure, and data center to bolster security measures.
In conclusion, the education sector remains a prime target for cyber attackers due to the valuable data it holds and the inherent vulnerabilities within its systems. By prioritizing cybersecurity education, implementing robust security measures, and learning from best practices of leading institutions, educational entities can fortify their defenses against evolving cyber threats and safeguard the privacy and integrity of their data.