Why is the education sector a top target for cyber attacks?
Here's why education always tops the list of industry targets of cyber attacks, and how to identify potential threat activity.
Published December 20, 2017
Year over year, the same industry verticals seem to remain at the top of just about every cybersecurity threat and attack report. Routinely, retail, finance, healthcare and education are top targets for cyberattacks. But why?
Retail and finance make sense. Both industries store financial information and payment info. Of course, access to financial data is a jackpot to any attacker.
Healthcare is another obvious target. Health data "is more valuable on the black market" than credit card information, and identifying information like social security numbers fetches a pretty penny as well.
And then there’s education. Attacks on educational institutions are skyrocketing. Why? Attackers probably aren’t interested in Johnnie’s drawings or math test scores. So, why is education such an attractive target?
While no attacker in the world is interested in stealing 1st grade reading assignments, many higher education institutions have research programs that contain data and intellectual property that could be of value to the right competitor. Espionage isn’t out of the question here.
Additionally, education is a constantly moving business, which means accessing and holding just the right data for ransom could prove lucrative to a criminal organization.
This isn’t to say that IT pros in education are doing less than their corporate counterparts. On the contrary, the emphasis on security is equal if not more so. But then there’s the weakest link in every organization’s security chain: the user.
Organizations already struggle to get adult users to pay attention and make security a priority by being aware of phishing scams, not using unsanctioned cloud services, etc.
So, when you look at education, it's easy to see the big risks:
Student users are often young, sometimes very young.
Part of their homework is often to explore the Internet for project research, etc.
They're definitely not thinking about keeping the network secure.
Altogether, it’s what’s known in the military as a target-rich environment.
Smaller primary schools in particular tend to have less focus on, and less budget for, security. Relying on a few common security solutions, such as antivirus, makes them feel like they’re protected, when nothing could be further from the truth.
External attackers need user credentials to be successful. According to Verizon's Data Breach Investigation report, 49% of breaches by external actors involve stolen credentials. While attackers definitely want access to privileged accounts, persistence within a network is a foundational requirement, and achieving it requires multiple endpoints and multiple credentials (even if they are low level).
Very few educational systems are watching the use of their network. Most focus on establishing a virtual security perimeter to keep bad guys and malware out. So, they're rarely looking to see if someone has worked their way past defenses and is inside either rummaging around or wreaking havoc.
Once you accept there is a problem, the next steps become about how educational institutions can onboard effective security that fits their budget and doesn't add more work to already-busy IT teams.
To prevent unauthorized access, first make sure to onboard two-factor authentication for education. Then, focus on managing the logon to more easily identify potential threat activity.