Education under siege

The education sector is seen as an industry of industries, with varying degrees of complexity split between K-12 and higher education, geography-specific limitations, and the availability of resources. Among the many flavors of education, these organizations handle data that could include health records, financial data, and other regulated information. At the same time, their facilities can host payment processing systems, networks that are used as internet service providers (ISPs), and other diverse infrastructure.

The cyber threats that Microsoft observes across different industries tend to be compounded in education, and threat actors have realized that this sector is inherently vulnerable. With an average of 2,507 cyberattack attempts per week, universities are prime targets for malware, phishing, and IoT vulnerabilities.¹ Microsoft observes that in the United States, students and faculty are more likely to use personal devices in education compared to Europe, for example. Regardless of ownership however, in these and other regions, busy users do not always have a security mindset.

Security staffing and IT asset ownership also affect education organizations’ cyber risks. School and university systems, like many enterprises, often face a shortage of IT resources and operate a mix of both modern and legacy IT systems. For these reasons, threat actors often take advantage of the limited security controls in this sector to test and perfect new attack techniques, which are then applied to other industries.

This edition of Cyber Signals delves into the cybersecurity challenges facing classrooms and campuses, highlighting the critical need for robust defenses and proactive measures. From personal devices to virtual classes and research stored in the cloud, the digital footprint of school districts, colleges, and universities has multiplied exponentially.

To learn more, read the full report.