Compromised On-Premises Accounts Cited in 3 of 4 Attacks in Education Sector

In 75% of cyberattacks targeting education organizations over the last 12 months, IT and security managers cited compromised on-premises accounts as the cause, according to research from cybersecurity vendor Netwrix.

The 2023 Hybrid Security Trends – Education Findings report details findings from Netwrix’s survey of over 1,600 IT and security professionals, which included questions about educational institutions’ IT architecture and digital transformation progress.

Just over three-fourths of respondents said their organization uses a hybrid IT architecture, with 5% fully operating in the cloud. Of the remaining 18% education organizations whose IT systems are housed strictly on-premises, 68% said they plan to adopt cloud technologies moving forward, according to the report.

According to the report, 69% of education respondents said they suffered a cyberattack within the last 12 months, with the most common attack vectors being phishing and user account compromise, Netwrix. What's more, 3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

"Organizations in the education sector handle variety of accounts — staff, third-party contractors, educators, students, alumni — that have a high turnover rate. Even if identity management is automated, it is a challenge to keep users trained on security best practices because there is a continual supply of newcomers," said Dmitry Sotnikov, VP of Product Management at Netwrix. "In addition, students may lack experience in spotting phishing emails or fake websites asking for their credentials. To address these challenges, it is essential to mandate security training within the first few weeks and repeat it on a regular basis."

Netwrix urged IT managers to enforce strong password policies that prevent the use of weak and compromised passwords, require MFA, and adhere to the least-privilege principle.

Find the full survey results at Netwrix.com.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • glowing digital lock surrounded by futuristic dollar signs, stacks of currency, and coins, connected by neon circuit lines

    FCC Reports Strong Interest in Schools and Libraries Cybersecurity Pilot Program

    The Federal Communications Commission has received 2,734 applications totaling $3.7 billion in funding requests from schools, libraries, and consortia for its Schools and Libraries Cybersecurity Pilot Program, the agency reported in a recent announcement.

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs Off on AI Content Safeguard Laws

    California Governor Gavin Newsom has officially signed a series of landmark artificial intelligence bills into law, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • stylized illustration of an open guidebook with a glowing AI symbol hovering above

    ED Releases Toolkit for Intentional Use of AI in Education

    The United States Department of Education's Office of Educational Technology has released a new resource to help education leaders navigate AI adoption while ensuring student protection.

  • a digital lock symbol is cracked and breaking apart into dollar signs

    Report: Ransomware Costs Schools Nearly $550,000 per Day of Downtime

    New data from cybersecurity research firm Comparitech quantifies the damage caused by ransomware attacks on K-12 and higher education institutions.