Report: education among top five industries for data leaks

Sept. 18, 2023
Since late 2019, more than 500 organizations in the education industry worldwide experienced data leaks, an international cybersecurity company reported.

Nord Security conducted the global cybersecurity study of various industries in collaboration with independent researchers, examining databases that had been leaked from companies, organizations and institutions between December 2019 and July 2023, Chief Technical Officer Tomas Smalakys confirmed in an email.

To conduct this study, he explained, researchers reviewed incidents where hackers stole personal information and made it available to the public by leaking it online. In rare cases, some of these incidents could be caused by insiders from companies or organizations, "but this is an exception rather than a rule."

"Researchers have not identified main occurrences/causes of such cybersecurity attacks," Smalakys wrote, "as they looked solely at the fact that companies' clients' personal information was made available online by hackers."

Education ranked fifth on the list of industries with the most data breaches during that period, behind entertainment (799), technology (775), retail (725), and business services (561). The tally for education was 518, followed by customer services (468), public sector (352), health care (290), other (286), and transportation (279), according to a summary of the report on Nord Security's website.

"We often hear of companies breached and, consequently, getting locked out of their accounts, losing profits, and experiencing a reputational crisis. This time, we aim to shift the discourse to consumers who become victims as a result of companies failing to ensure their data security," Smalakys wrote.

He clarified that the education industry pertains to learning institutions for all age groups, both public and private, as well as training organizations and ed-tech companies.

Across all industries, the United States had the highest number of companies or organizations, at 2,264, responsible for exposing client data. 

India was second on the list at 745, followed by the United Kingdom (608), Germany (474), France (434), Brazil (396), Spain (257), Canada (211), Italy (209) and China (185), according to the blog.

Fifty-six percent of the entities that reported data leaks are private companies, and the research found that small organizations employing fewer than 50 workers were more likely to lose client data. Passwords, email addresses and usernames were the most common forms of data leaked in the breaches, according to Nord Security's report summary.

Smalakys believes that data protection regulations that apply to many European nations have been useful in the defense against cyber attacks. In the absence of government regulations, he added, entities should adopt a different mindset to better protect their data.

"In a constantly challenged cyber environment, businesses no longer have the luxury to store consumer data in plain text on Excel or otherwise neglect basic cybersecurity practices," he wrote. "To avoid financial and reputational risks, companies should consider it their personal duty to ensure clients' data is secured against online threats, even if the legislation is not there yet."

Smalakys also advocates the use of multifactor authentication (MFA) controls, including fingerprint scans, face recognition, security keys, text messages, or email confirmations. He believes passkey tools are a reasonable alternative to passwords that can be used across all industries.

"Considered the most promising alternative to passwords, this technology consists of two cryptographic keys — public and private, and biometric confirmation," Smalakys wrote in an email. "Therefore, we encourage businesses and individuals to try out passkeys wherever possible because it is widely agreed that this technology is one step ahead of other forms of online authentication."

Nord Security, which is headquartered in Lithuania and serves more than 14 million customers worldwide, also published a list of the 200 most commonly used passwords in 2022. "Password" topped the list, followed by "123456," "123456789," "guest," and "qwerty." Four of those top five took one second to crack, while "guest" took 10 seconds to crack. No. 199 on the list, "bonjour," and No. 200, "124578," each took only one second to crack, according to the company website.

___

(c)2023 Government Technology

Visit Government Technology at www.govtech.com. Distributed by Tribune Content Agency, LLC.