Three reasons the education sector is a prime target for cyber attacks

Posted by Gemma Sirett on July 24, 2019

The education sector is fast becoming a prime target for cyber attacks. Universities and research centres have faced repeated attacks, with more than 200 institutions reporting over 1,000 attempts last year to steal data or disrupt services. What’s more, just last month, Lakes College became the latest victim of a sophisticated email scam, where fraudsters posed as the principal of the college.

This isn’t the first type of cyber attack to impact the education sector, and it certainly won’t be the last. But why is this sector such a big target for cyber criminals?

  1. The attack surface is huge: There are over 2.3 million students and just under half a million staff at UK higher education establishments, with the UK’s largest single-site university, the University of Manchester, counting over 40,000 students from both the UK and overseas in the 2017/18 academic year. This creates a huge and diverse pool of users for attackers to choose from to increase their chances of success.
  2. The value of information is high: A compromise only matters if it impacts valuable data. Unfortunately, the education sector holds a vast range of sensitive and confidential information, including financial and personal data about staff and students, as well as the information created and shared through industry-leading research projects. Findings from these research projects are often well publicised, meaning the projects themselves could quickly become a target. IT and security teams in colleges and universities must be aware that the risk associated with a cyber attack is not only financial, so data confidentiality, integrity and availability should also be considered.
  3. They operate in open technology environments: With faculty members and students bringing so many devices onto campus to connect to the university’s infrastructure – not to mention the additional connections with other universities and overseas students – and with few restrictions in place, security teams don't have the opportunity to ensure every device is safe and secure.

Compromises in the education sector – the facts

70% of all compromises start with an email and in the education sector in particular, human error was the cause of 35% of data breaches in the last year. What’s more, stolen credentials accounted for 53% of compromised data in the same period, with these credentials then used in more than 80% of breaches.

These facts can’t be ignored. Phishing, spear phishing, social engineering and payment diversion fraud are very real and increasingly sophisticated attack techniques, and organisations in the education sector need to change their approach to keep up with the sophistication of today’s threats. So what steps can colleges and universities take to intelligently protect themselves from cyber attacks?

  1. Don’t rely on users to spot malicious attacks
    Given how many compromises start with an email, technological email protection should be the first line of defence against adversaries. Relying on users to spot unusual activity or detect a fraudulent email isn’t enough – the right technology needs to be in place to enable users to make informed decisions. Universities and colleges can strengthen their email defences to stop adversaries reaching their users, with clear security indicators that provide visibility and assurance with every email.
  2. Understand the risks
    With so much valuable data at stake, understanding the risks facing the college or university is the first step to being able to manage them. The IT and security teams within these establishments need to be aware of what impact the use of technology and data sharing can have, to be in a better position to manage their attack surface and prepare for a cyber attack.
  3. Proactively hunt for threats
    The likelihood of a cyber attack occurring is increasing in the education sector, with research showing that one in five education establishments were victims of cyber crime in 2018. With this in mind, colleges and universities must start placing greater emphasis on their cyber security strategies. IT and security teams need to detect, respond to and remediate attacks before they cause damage, then use the intelligence gained to inform their future cyber strategy.

A managed approach to cyber security

It’s time for colleges and universities to gain the upper hand with their cyber security strategies. To be prepared for an email compromise, they need to have robust protection in place to enable users to email freely on a day-to-day basis, without the risk or concern regarding email threats. Additionally, colleges and universities need to routinely scan their entire IT estate, identifying potential vulnerabilities and offering clear, actionable intelligence and remediation advice on how to resolve any potential issues. Lastly, these establishments need to understand the full picture with proactive threat hunting and swift incident response to detect, respond to and remediate attacks before they cause damage.