Cybersecurity Reports See Rise in Education Risks

• By Dian Schaffhauser
• 03/10/20

Two cybersecurity reports that highlight mobile device risks — one from Verizon and the other from NetScout Systems — have also touched on the education sector in their findings.

Verizon's "Mobile Security Index 2020" reported that two in five public sector organizations (39 percent) admitted to suffering a compromise involving a mobile device in the last year. But the most likely segment within those sectors to be hit was education, where 44 percent of schools acknowledged they'd been compromised through a mobile device breach.

The Verizon public sector survey was based on responses from around 175 people (the number in education wasn't specified), all of whom served as "senior professionals" in charge of mobile device "procurement, management and security."

When they were asked whether they had "ever sacrificed the security of mobile devices to get the job done," a third (36 percent) acknowledged that they had done so. And those organizations were 2.2 times as likely to have been compromised.

Insider threats were the biggest concern for these respondents. Seventy-one percent said they thought employees were their greatest risk when it came to mobile devices.

As the report's authors noted, these organizations were "failing to take" even basic precautions. Fewer than half (46 percent) reported that default or vendor-supplied passwords were changed. Just 51 percent said they encrypted sensitive data when it was sent across public networks. And about two-thirds (64 percent) admitted that they "personally" used public WiFi networks for work, even when nearly four in 10 organizations had policies prohibiting the practice.

The NetScout Threat Intelligence Report took a different tack for its findings — analyzing the data generated from its own systems. The latest report covered the "global threat landscape" for the last half of 2019.

According to the company, education organizations have come "under increased pressure from attackers." The frequency of attacks grew by 41 percent in this sector. The "max" DDoS attack size jumped 58 percent for technical and trade schools specifically and six percent for colleges.

On the mobile front, across the board in all kinds of organizations, mobility hits were on the rise. Distributed Denial of Service (DDoS) attacks against mobile networks were up 64 percent from the second half of 2018 to the second half of last year.

The report said that the increase was probably due to two reasons: the increased popularity of gaming on mobile devices with 4G and LTE connectivity; and the tendency of gamers especially in Asian countries to use their phones as wireless hotspots. "As gaming continues to be a prime motivation for DDoS attacks, adversaries naturally follow their targets, further leading to the growth in attacks," the report stated.

The report explained that mobile malware was useful to attackers because it provides a "window into the mind of the user." As the report stated, "mobile devices often contain invaluable personal and professional communications, sensitive documents and other accesses into privileged environments. They can provide a glimpse into where a user has been and track current movements."

Even as mobile phones are becoming the only computer that many people have, just half bother to take steps to protect them, "making it shockingly simple" for advanced persistent threat groups to "deploy and use mobile malware."

Both reports encouraged organizations to take a stand against mobile risks by covering the basics (patching and restricting data access on a "need-to-know" basis) and the more complicated (encrypting data sent over unsecured networks and educating users on the problems they face in using public WiFi).

Both the Verizon and NetScout reports are available on their respective websites (registration required).