3 of 4 cyberattacks in the education sector occur on‑premises

Aug. 31, 2023
3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

FRISCO, Texas, August 31, 2023 – Netwrix, a cybersecurity vendor that makes data security easy, today revealed additional findings for the education sector from its survey of 1,610 IT and security professionals from more than 100 countries. 

According to the survey, 69% of organizations in the education sector suffered a cyberattack within the last 12 months. Phishing and user account compromise were the most common attack paths for these organizations, while phishing and malware (such as ransomware) topped the list for other verticals. What’s more, 3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

“Organizations in the education sector handle variety of accounts — staff, third-party contractors, educators, students, alumni — that have a high turnover rate. Even if identity management is automated, it is a challenge to keep users trained on security best practices because there is a continual supply of newcomers,” says Dmitry Sotnikov, VP of Product Management at Netwrix. “In addition, students may lack experience in spotting phishing emails or fake websites asking for their credentials. To address these challenges, it is essential to mandate security training within the first few weeks and repeat it on a regular basis.”

“To enable research and collaboration, educational institutions often provide a variety of shared devices and systems exposed to the internet — creating a massive attack surface,” says Dirk Schrader, VP of Security Research at Netwrix. “To mitigate risk, it is crucial to enforce strong password policies that prevent the use of weak and compromised passwords, implement multifactor authentication (MFA), and adhere to the least privilege principle. In addition, automated detection and response solutions can help IT deal with account compromise and abuse in a controlled and efficient manner.”

To learn more about security trends, check out the complete 2023 Hybrid Security Trends Report.

Sponsored Recommendations

ADT Commercial establishes standalone organization, rebrands company to Everon completing GTCR acquisition

Everon draws on legacy of excellence in commercial security, fire and life safety, emerges as standalone full-line U.S. integrator and service provider

Four ways to stay a step ahead of security threats

It takes a team approach to meet the challenges of a vulnerable world.

Exclusive Q&A: Alula President Dave Mayne

Take a closer look at Alula's merger with M2M Services, as well as the future of the brand, product development, leadership and more

M2M Services and Alula join forces to redefine the future of smart security solutions

Operating under the name M2M Services, the combined entity will leverage the strengths of both companies.