Attacks on the Education Sector Are Surging: How Can Cyber-Defenders Respond?

Summary:
In Q2 2024, the education sector ranked as the third most targeted industry for cyberattacks, with APT groups aligned to China, North Korea, Iran, and Russia increasingly focusing on academic institutions. These institutions are particularly attractive targets due to factors such as large, diverse user bases, valuable personal and academic data, porous network infrastructures, and limited cybersecurity resources. With budget constraints and insufficient expertise, many educational organizations struggle to implement robust cybersecurity measures, leaving significant gaps in their defenses. Overall, the education sector is typically vulnerable to attacks through personal devices, phishing campaigns targeting students and staff, and legacy software that may be outdated or unpatched. Furthermore, the openness and collaborative culture of academic institutions, while beneficial in many ways, increase exposure to external threats.

Security Officer Comments:
Educational institutions are prime targets for cybercriminals and nation-state actors due to the sensitive personal data they store, such as health, financial, and research information. This has led to a significant number of cyber incidents, with K12 SIX documenting 1,331 publicly disclosed cyberattacks on US school districts since 2016, and ENISA reporting over 300 incidents in the EU between July 2023 and June 2024. Ransomware remains the top threat to universities, particularly in the UK, followed by phishing and unpatched vulnerabilities. In the US, the Department of Homeland Security highlights how budget constraints and limited resources make K-12 school districts especially vulnerable to ransomware attacks, with cybercriminals successfully extracting payments due to tight operational deadlines.

Suggested Corrections:
Recommendations from ESET:
  • Enforce strong, unique passwords and multi-factor authentication (MFA) to protect accounts
  • Practice good cyber-hygiene with prompt patching, frequent backups and data encryption
  • Develop and test a robust incident response plan to minimize the impact of a breach
  • Educate staff, students and administrators in security best practices, including how to spot phishing emails
  • Share a detailed acceptable use and BYOD policy with students, including what security you expect them to pre-install on their devices
  • Partner with a reputable cybersecurity vendor that protects your organization’s endpoints, data and intellectual property
  • Consider using managed detection and response (MDR) to monitor for suspicious activity 24/7 and help catch and contain threats before they can impact the organization
Link(s):
https://www.welivesecurity.com/en/b...ation-sector-surging-cyber-defenders-respond/