An annual IT security report outlines how education fared against attacks in 2015
Smartphones, social media, and the Internet of Things are all rapidly growing in higher education–and they all pose security risks, according to a massive new report.
In 2015, more than 430 million new unique pieces of malware were discovered by Symantec–up 36 percent from 2014, according to Symantec’s Internet Security Threat Report, which features data pulled from the company’s network. Last year, 429 million total identities were exposed–a 23 percent increase from 2014. An average of 1.3 million identities were exposed with each breach.
The report offers six key findings and trends before delving into vulnerabilities and attacks in detail:
1. A new zero-day vultnerability was discovered on average each week in 2015
2. Over half a billion personal records were stolen or lost in 2015
3. Major security vulnerabilities in three-quarters of popular websites put everyone at risk
4. Spear-phishing campaigns targeting employees increased 55 percent in 2015
5. Ransomware increased 35 percent in 2015
6. Symantec blocked 100 million fake technical support scams in 2015
Educational services ranked third, after healthcare and business services, in top 10 sub-sectors breached, by number of incidents in 2015. Educational services accounted for 5 million of the identities exposed in the services sector in 2015. They also ranked fifth for number of incidents caused by hacking and insider threat.
Next page: Higher education’s IT security concerns
Educational websites were the sixth most frequently exploited type of website, with 6.4 percent of the total number of infected websites in 2015.
A move to stronger authentication, accelerating to always-on encryption, and changing browsers’ security indicators to better indicate to visitors how safe a site is could help, the report notes.
In particular, “organizations need to be more proactive around SSL/TLS implementation,” the authors write. “Rather than thinking solely about protection, website managers need to think about protection, detection, and response.”
New mobile vulnerabilities saw a 214 percent increase, to 528, up from 168 in 2014.
“Smartphones are an increasingly attractive target for online criminals,” according to the report. “As a result, they are investing in more sophisticated attacks that are effective at stealing valuable personal data.”
Android devices seem to be the main target, though Apple devices are also subject to attacks.
Smartphones and tablets–which are in the backpacks or pockets of university students across the globe–have high-bandwidth connectivity and powerful processors, and they also contain valuable personal information, the report notes, such as Apple Pay, Samsung Pay and Android Pay.
App stores also present an opportunity for “cross-over” threats. The report offers an example: “…With Google Play, customers can browse the Play Store from their computer using a normal web browser, installing apps directly onto their phone. Recent examples of some Windows malware have exploited this by stealing browser cookies for Google Play sessions from the infected desktop computer and using these stolen cookies (essentially the users’ credentials), impersonating the user to remotely install apps onto the victims’ phones
and tablets without their knowledge or consent.”
The report’s authors recommend that people treat their mobile devices like small, powerful computers and protect them accordingly, including:
- Access control, including biometrics where possible
- Data loss prevention, such as an on-device encryption
- Automated device backup
- Remote find and wipe tools in the event of a lost device
- Regular updating
- Refrain from downloading apps from unfamiliar sites
- Don’t jailbreak devices
- Pay attention to permissions requested by an app
- Update apps as often as possible
- Change IDs and passwords if a compromise is suspected
The Internet of Things
The number of “things” connected to the internet grows quickly, and in the U.S., there are 25 online devices per 100 inhabitants. Gartner forecasts 6.4 billion connected things will be in use worldwide in 2016, reaching 20.8 billion by 2020.
But the authors note that in the last year, Symantec observed “an increase in proof-of-concept attacks and growing numbers of IoT attacks in the wild. In numerous cases, the vulnerabilities were obvious and all too easy to exploit. IoT devices often lack stringent security measures…”
Cars, smart home devices, medical devices, smart TVs, and embedded devices are all cause for concern.