Cybersecurity in education is a topic that has been raised in profile over the last few years.
This is partly because of the increasing number of attacks that are targeting organizations in general, particularly during the onset of the coronavirus pandemic.
It’s also because education organizations and institutions have often been slow to react to an ever-dangerous security landscape, leading many to become prime targets and indeed victims of cyberattacks.
Among 17 industries studied, the education sector ranked as the least secure, with the highest vulnerabilities being present in application security, endpoint security, and keeping software up to date on a regular basis.
To combat this, organizations should start taking cybersecurity in education more seriously and assess whether their current strategy is enough to defend themselves against modern threats.
Take a look at these stats for an indication of where the sector is and the necessity for institutions to take more effective action.
1. 1000+ cybersecurity incidents since 2016
The K-12 Cyber Incident Map, which has been tracking publicly-disclosed cybersecurity incidents in US K-12 public schools since 2016, reports that there have been over one thousand incidents in the last four years alone.
These incidents include:
- Unauthorized disclosures, breaches or hacks resulting in the disclosure of personal data
- Ransomware attacks
- Phishing attacks resulting in the disclosure of personal data
- Denial-of-service attacks
- Other cyber incidents resulting in school disruptions and unauthorized disclosures
In 2019, there were a reported 348 incidents, nearly three times as many as in 2018 and equating to a rate of about two incidents per school day over the course of the year.
2. 27% see the current security of their data center as ‘inadequate’ and in urgent need of updating.
It’s not uncommon for IT departments to lack confidence in the security of their information and the data centers where its housed.
In fact, 96% of IT decision makers believe their organizations are susceptible to external cyberattacks and 71% say they are not prepared to cope with them.
When it comes to education organizations, the information they possess—which grows every year as a result of increased implementation of technology in schools—is extremely sensitive, and it’s simply not viable to safeguard in a server that doesn’t have the protections afforded to the highly-rated data centers which are commonplace in 2020.
Related Post: Data Center Tiers: What Are They and Why Do They Matter?
By not having a modern, secure data center, the possibility for extended downtime and associated costs during a breach is significant.
3. Schools are the no.2 target for ransomware attacks
Ransomware in 2020 has increased by a factor of seven compared to 2019, an extremely discouraging figure.
Victims of such attacks are in a lose-lose situation: if the ransom is paid, as it is by nearly three-quarters of businesses in the US, then money is lost and cybercriminals are encouraged to pursue further attacks.
If the ransom is not paid, organizations have to face the prospect of having their data leaked, which must be reported by the institution or else they’ll receive steep penalties.
4. 42% of schools have students or staff that circumvent cybersecurity protections
Just as it’s important to implement the correct technology for cybersecurity in education organizations, so too is it important for them to carry out policies on campus which encourage safe cybersecurity practices.
For organizations, it’s incumbent on them to make sure that not only are they adopting the right technology to protect themselves, but that they’re also providing the right resources and making the necessary restrictions to ensure that users know what is expected of them and have difficulty attempting workarounds.
5. 41% of higher education cyber security incidents and breaches were caused by social engineering attacks.
Cyberattacks rely on human error in order to succeed. They work on the basis of a law of averages approach, determining that if they target a set number of victims, they will be successful in their attempts eventually.
Human error is the number one cause of data breaches from cyberattacks, with 52% of incidents directly attributable to them.
Social engineering involves manipulating victims into giving up sensitive information to a third party.
This is often achieved by impersonating a trusted friend, colleague, or organization associated with the target.
The most common method that involves social engineering is phishing, which are typically emails.
6. On average, 30% of users in the education industry have fallen for phishing emails.
Nearly one-third of users in the education industry have fallen victim to phishing attacks.
As we just saw, almost half of all breaches were caused by social engineering—the most frequent of which are phishing attacks.
Phishing attacks are successful because they play on people’s fears and anxieties—it’s no coincidence that in the wake of lockdowns across the country, phishing emails soared.
7. Educational records can fetch up to $265 on the black market.
The proportion of users in education who have fallen for phishing attacks is roughly a third. If nothing else, the amount of people who fall for attacks is indicative of both how prevalent and how successful this type of cybercrime is.
To guard against it, organizations should strongly consider security awareness training among users, educating them on how to spot a phishing attack and how to deal with it appropriately.
Just 11% of respondents in a survey by Hiscox in their annual report said that their companies had increased spending on security awareness training after a cyberattack.
8. 87% of educational establishments have experienced at least one successful cyberattack.
The vast majority of education organizations have been the victim of a cyberattack. This mostly concurs with the rapid rise of attacks we’ve seen over the last year and should serve as a warning to administrators.
What’s important for institutions to recognize is the need for them to invest in and implement strategies for cybersecurity that are proactive.
73% of organizations are unprepared for cyberattacks today, many of them remaining unprepared even after an attack. Organizations must implement the necessary technology to avoid future attacks before a breach can occur.
9. 85% of universities agree that more funding must be given to IT security to protect critical research IP.
Research IPs are extremely valuable to higher education organizations and adopting the correct technology to protect them is essential.
This might be why just 15% of universities are comfortable with the current levels of spending that is going into their cybersecurity defense at present.
Considering the number of attacks we’ve seen just this year and the disproportionate rise of cybercrime over just the last two years, institutions should take their intellectual property security as seriously as is warranted and engage with methods to protect it as best they can.
10. The education sector accounted for 13% of all data security breaches during the first half of 2017, resulting in the compromise of some 32 million personal records.
As an indication of the seriousness of cybersecurity in education, a substantial amount of total data breaches across all industries comes from this one sector.
As we’ve seen above, the education sector is both lagging behind in terms of technology adoption and at the same time has a user base of people who susceptible to attack.
This makes education organizations an easy target for cybercriminals, who continue to attacks schools and colleges to gain valuable information and data to sell.
If these cybersecurity stats have made you think twice about your business security, then you’re not alone. In light of recent events, many organizations have found themselves playing catchup, trying to implement makeshift cloud solutions to make up lost ground while their workforces transition to remote work for the immediate future. Fending off cyberattacks is a challenging but necessary aspect of any modern business, and using cloud services can help create a watertight business.
To find out more about how the cloud can ensure your business is in good shape for the future, download our eBook, “Which Cloud Option Is Right For Your Business?”