Nearly half of British higher education institutions experience a cyber attack every week
The education sector continues to be plagued by malicious threats. New research from Microsoft shows that almost half (43%) of UK higher education institutions experience breaches or cyber attacks every week.
The latest from the company Cyber signals report claims that universities are the main targets of malware, IoT vulnerabilities and phishing – with an average of 2,507 cyber attack attempts per week, according to the report.
This makes education the third most targeted sector for attacks, after manufacturing and consumer retail.
A high price
The report identified email systems and networks as a vulnerability for universities because they provide a lot of room for compromise. The need for constant communication, both within and outside the school networks, leaves room for attacks from external users.
Because higher education institutions store sensitive information about students and staff but don’t have huge cybersecurity budgets, they have become an attractive target for threat actors looking to exfiltrate the data for ransom.
Recent research shows that schools and universities are paying higher ransoms than ever before, with more than two-thirds (67%) of IT leaders working in higher education ultimately paying more than hackers originally asked for.
“Educational institutions feel a responsibility to remain open and continue to provide services to their communities. These two factors can contribute to why victims feel so much pressure to pay,” said Chester Wisniewski, CEO of Sophos.
Microsoft’s investigation also identified national actors targeting educational institutions. For example, Iranian state actors such as Peach Sandstorm and Mint Sandstorm have both been observed using social engineering attacks.
“The types of threats that we’re seeing, the types of events that are happening in higher education, are much more aggressive from cyber adversaries,” said Davis McMorries, Chief Information Security Officer at Oregon State University.
In particular, around 15,000 emails containing malicious QR codes target the sector every day.