Compromised On-Premises Accounts Cited in 3 of 4 Attacks in Education Sector

  • By Kristal Kuykendall
  • 09/28/23

In 75% of cyberattacks targeting education organizations over the last 12 months, IT and security managers cited compromised on-premises accounts as the cause, according to research from cybersecurity vendor Netwrix.

The 2023 Hybrid Security Trends – Education Findings report details findings from Netwrix’s survey of over 1,600 IT and security professionals, which included questions about educational institutions’ IT architecture and digital transformation progress.

Just over three-fourths of respondents said their organization uses a hybrid IT architecture, with 5% fully operating in the cloud. Of the remaining 18% education organizations whose IT systems are housed strictly on-premises, 68% said they plan to adopt cloud technologies moving forward, according to the report.

According to the report, 69% of education respondents said they suffered a cyberattack within the last 12 months, with the most common attack vectors being phishing and user account compromise, Netwrix. What's more, 3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

"Organizations in the education sector handle variety of accounts — staff, third-party contractors, educators, students, alumni — that have a high turnover rate. Even if identity management is automated, it is a challenge to keep users trained on security best practices because there is a continual supply of newcomers," said Dmitry Sotnikov, VP of Product Management at Netwrix. "In addition, students may lack experience in spotting phishing emails or fake websites asking for their credentials. To address these challenges, it is essential to mandate security training within the first few weeks and repeat it on a regular basis."

Netwrix urged IT managers to enforce strong password policies that prevent the use of weak and compromised passwords, require MFA, and adhere to the least-privilege principle.

Find the full survey results at Netwrix.com.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • tutors helping young students with laptops against a vibrant abstract background

    K12 Tutoring Earns ESSA Level II Validation

    Online tutoring service K12 Tutoring recently announced that it has received Level II validation underneath the Every Student Succeeds Act (ESSA). The independently validated study provides evidence of K12 Tutoring's role in creating positive student outcomes through effective academic intervention and research-based solutions.

  • elementary school boy using a laptop with a glowing digital brain above his head and circuit lines extending outward

    The Brain Drain: How Overreliance on AI May Erode Creativity and Critical Thinking

    Just as sedentary lifestyles have reshaped our physical health, our dependence on AI, algorithms, and digital tools is reshaping how we think, and the effects aren't always positive.

  • student reading a book with a brain, a protective hand, a computer monitor showing education icons, gears, and leaves

    4 Steps to Responsible AI Implementation in Education

    Researchers at the University of Kansas Center for Innovation, Design & Digital Learning (CIDDL) have published a new framework for the responsible implementation of artificial intelligence at all levels of education, from preschool through higher education.

  • a cloud, an AI chip, and a padlock interconnected by circuit-like lines

    CrowdStrike Report: Attackers Increasingly Targeting Cloud, AI Systems

    According to the 2025 Threat Hunting Report from CrowdStrike, adversaries are not just using AI to supercharge attacks — they are actively targeting the AI systems organizations deploy in production. Combined with a surge in cloud exploitation, this shift marks a significant change in the threat landscape for enterprises.