IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cybersecurity
#
EduTech
#
IAM
Most education organisations suffered a cyber attack in past year
Tue, 5th Sep 2023
Author image
By Shannon Williams, Journalist
Follow us

The majority of educational organisations suffered a cyber attack in the past year, according to new research from Netwrix. 

Cybersecurity vendor Netwrix has revealed additional findings for the education sector from its survey of 1,610 IT and security professionals from more than 100 countries.

According to the survey, 69% of organisations in the education sector suffered a cyberattack within the last 12 months. 

Phishing and user account compromise were the most common attack paths for these organisations, while phishing and malware (such as ransomware) topped the list for other verticals. What's more, 3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

"Organisations in the education sector handle variety of accounts staff, third-party contractors, educators, students, alumni that have a high turnover rate. Even if identity management is automated, it is a challenge to keep users trained in security best practices because there is a continual supply of newcomers," says Dmitry Sotnikov, VP of Product Management at Netwrix. 

"In addition, students may lack experience in spotting phishing emails or fake websites asking for their credentials. To address these challenges, it is essential to mandate security training within the first few weeks and repeat it on a regular basis."

Dirk Schrader, VP of Security Research at Netwrix, says, "To enable research and collaboration, educational institutions often provide a variety of shared devices and systems exposed to the internet creating a massive attack surface.

"To mitigate risk, it is crucial to enforce strong password policies that prevent the use of weak and compromised passwords, implement multifactor authentication (MFA), and adhere to the least privilege principle," he says. 

"In addition, automated detection and response solutions can help IT deal with account compromise and abuse in a controlled and efficient manner."

According to the survey, 77% of educational institutions have a hybrid IT architecture while only 5% are cloud-only. Of the remaining 18% that are strictly on premises, 68% plan to adopt cloud technologies moving forward.

The survey also reveals that the primary IT priorities of educational institutions are the same as for organisations overall: data security, network security and cybersecurity awareness among employees. 

However, there were some differences in what measures the respondents said they would take to enhance the security posture of their organisation if they had a chance to decide on their own. 

Improved privileged access management topped the list for all verticals, but demand for password management was higher in the education sector: 43% of those respondents said they would like to manage passwords better, compared to 36% of respondents from other industries. 

Meanwhile, identity governance turns out to be in lower demand in the education sector: Only 32% of those respondents would choose to improve this area, compared to 41% among organisations overall.

Related stories
GitHub's 2FA initiative helps secure software supply chain
FPT & NVIDIA partner to develop AI & Cloud services hub
AI tools linked to data exposure in 1 in 5 UK organisations
Gen AI optimism high in ANZ but cybersecurity concerns loom
NetApp 2024 report uncovers 'disrupt or die' era powered by AI
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Dropbox unveils new features for remote work, enhances Microsoft integration