Netwrix, a cybersecurity vendor that makes data security easy revealed additional findings for the education sector from its survey of 1,610 IT and security professionals from more than 100 countries.
According to the survey, 69% of organisations in the education sector suffered a cyberattack within the last 12 months.
Phishing, account compromise
Phishing and user account compromise was the most common attack paths for these organisations, while phishing and malware (such as ransomware) topped the list for other verticals.
What’s more, 3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.
Security training
Even if identity management is automated, it is a challenge to keep users trained in security best practices"
“Organisations in the education sector handle a variety of accounts, staff, third-party contractors, educators, students, and alumni that have a high turnover rate. Even if identity management is automated, it is a challenge to keep users trained in security best practices because there is a continual supply of newcomers,” says Dmitry Sotnikov, VP of Product Management at Netwrix.
“In addition, students may lack experience in spotting phishing emails or fake websites asking for their credentials. To address these challenges, it is essential to mandate security training within the first few weeks and repeat it regularly.”
Automated detection and response solutions
“To enable research and collaboration, educational institutions often provide a variety of shared devices and systems exposed to the internet creating a massive attack surface,” says Dirk Schrader, VP of Security Research at Netwrix.
“To mitigate risk, it is crucial to enforce strong password policies that prevent the use of weak and compromised passwords, implement multifactor authentication (MFA), and adhere to the least privilege principle. In addition, automated detection and response solutions can help IT deal with account compromise and abuse in a controlled and efficient manner.”
- Network / IP
- Office surveillance
- Electronic security systems
- Office security systems
- Campus security systems
- Office security
- Industrial security
- Commercial security
- Security management
- Security policy
- Security installation
- Security tagging
- Security monitoring system
- Security access systems
- Radio frequency Identification
- Signature verification
- Network monitoring
- Video analytics
- Remote video monitoring
- Electronic access control
- Intrusion detection
- Identity management
- Security training
- School security
- Institute security
- Industrial security systems
- Security software
- Security service
- Industrial surveillance
- Human area network
- Visitor management systems
- Indoor surveillance
- Integration software
- Cyber security
- Crime prevention
- Video Management System
- Crowd Management
- Corporate Security
- Indoor Security
- Central Monitoring
- Data Security
- IP transmission
- Incident Management
- Cloud security
- GDPR
- Mergers & Acquisitions
