It seems to be steeped into our conventional wisdom that cyber hackers only target high-value institutions, such as banks, insurance companies and large sources of cash and personal customer information. But, increasingly, other types of institutions are becoming targets, perhaps because they don’t have the kind of rigorous security that moneyed organizations have, even though they are heavy users of cloud-based applications. They also have plenty of sensitive personal information that can be leveraged by cyber criminals.
According to new research, nearly half of all educational institutions suffered a cyberattack on their cloud infrastructure within the last 12 months. This is according to cybersecurity company Netwrix, which announced its findings for the education sector from its global 2022 Cloud Data Security Report. The report also found that, for 27 percent of them, incidents in the cloud were associated with unplanned expenses to fix security gaps.
"Educational institutions are keen to broaden their cloud adoption: The sector expects to have 56% of the workload to be in the cloud by the end of 2023, compared to this year's 44 percent," said Dirk Schrader, VP of Security Research at Netwrix. "But, without proper visibility into who has access to sensitive data and when and how that data is being used, IT teams will not be able to proactively mitigate data overexposure and spot suspicious behavior in the cloud."
A large percentage of educational organizations confirmed they store sensitive data in the cloud: the study found that 83 percent of schools do. With educators and students constantly sharing that information, schools tend to be more concerned about insider threats than other industries. Forty-eight percent of respondents in this sector consider cybersecurity risks associated with their own employees to be the biggest ones.
"The educational sector has a good reason to be concerned about insider threats since, 42 percent of them experienced account compromise attacks in 2022 compared to the average of 31 percent from the other industries surveyed,” said Schrader. “Accordingly, their IT teams should pay closer attention to identity and access management by implementing a zero standing privilege approach and enforcing strong password policies.”
While some industries may seem to be more likely targets, the fact is, every business is a target and they all should take extra precautions to safeguard their networks, devices, and data with the latest security strategies and solutions from their technology partners.
Edited by
Erik Linask
