Report: 7 in 10 Attempted Data Breaches on Education Are Financially Motivated

Nearly three-quarters, 70 percent, of cybersecurity incidents in education are motivated by the possibility of financial gain, according to Verizon's 2018 Data Breach Investigations Report (DBIR).

One in five attacks on educational institution were motivated by espionage, often targeting sensitive research, and 11 percent of attacks are "just for fun," according to the report.

This year's report looked at more than 53,000 incidents and 2,300 data breaches from 5 countries. For the purposes of the report, an "incident" is defined as, "A security event that compromises the integrity, confidentiality or availability of an information asset," whereas a data breach is, "An incident that results in the confirmed disclosure — not just potential exposure — of data to an unauthorized party."

Human beings are a major security weakness across all industries, with companies being "nearly three times more likely to get breached by social attacks than via actual vulnerabilities," according to information released by Verizon.

Financial pretexting — attacks in which the attacker tricks someone into releasing information under false pretenses, such as telling the victim they are conducting a survey or pretending they are a customer who has lost their login information — has boomed, increasing fivefold over the last year. More than half of the financial pretexting attacks recorded by Verizon this year were targeted specifically at human resources staff.

Also across all industries, ransomware was the most prevalent form of malicious software, accounting for 39 percent of malware attacks.

Key findings of the report specific to the education industry include:

  • There were 292 incidents recorded with 101 confirmed to have disclosed data;
  • Most attackers, 81 percent, were from outside the organization, with internal actors accounting for only 19 percent of attacks;
  • Of the data compromised in attacks on educational institutions, 72 percent was personal, 14 percent some kind of secrets and 11 percent medical;
  • Hacking is the most common action type for incidents in education, accounting for 72 percent of all incidents — largely because of the prevalence of denial-of-service attacks against educational institutions — and 44 percent of breaches; and
  • 14 percent of education breaches featured a causal error by an employee.

To read the full report, visit verizonenterprise.com.

About the Author

Joshua Bolkan is contributing editor for Campus Technology, THE Journal and STEAM Universe. He can be reached at [email protected].

Featured

  • robot waving

    Copilot Updates Aim to Personalize AI

    Microsoft has introduced a range of updates to its Copilot platform, marking a new phase in its effort to deliver what it calls a "true AI companion" that adapts to individual users' needs, preferences and routines.

  • modern school building surrounded by a glowing digital shield and floating lock icons

    CoSN Launches Campaign Advocating for Congressional Support for K-12 Cybersecurity

    CoSN, the professional association for K-12 ed tech leaders, has launched a national advocacy campaign urging Congress to maintain federal support for cybersecurity assistance in K-12 education.

  • TEACH project path

    PBLWorks Launches Web-based App to Help Scale Project-Based Learning

    PBLWorks, the provider of professional development for project-based learning (PBL), has introduced PBLWorks TEACH, a web-based application that provides ready-to-use, standards-aligned PBL projects for middle school math, science, English language arts, and social studies.

  • tutors helping young students with laptops against a vibrant abstract background

    K12 Tutoring Earns ESSA Level II Validation

    Online tutoring service K12 Tutoring recently announced that it has received Level II validation underneath the Every Student Succeeds Act (ESSA). The independently validated study provides evidence of K12 Tutoring's role in creating positive student outcomes through effective academic intervention and research-based solutions.