Key points:
- The education sector is up against near-constant cybersecurity challenges
- How higher ed can stay ahead of growing cyber threats
- Can AI outperform network security teams? Many believe it will
- For more news on IT security, visit eCN’s Cybersecurity hub
Seventy-seven percent of organizations in the education sector spotted a cyberattack on their infrastructure within the last 12 months–up from 69 percent in 2023, according to a new report.
The most common attack vectors were similar to those among other industries: phishing, user account compromise, and ransomware or other malware attacks.
The data comes from Netwrix, a cybersecurity provider that surveyed 1,309 IT and security professionals globally and today released findings for the education sector based on the data collected.
In the education sector, almost half (47 percent) of organizations faced unplanned expenses to fix security gaps because of a security incident. Moreover, one in seven of those organizations incurred compliance fines, and each tenth reported changes in senior leadership and lawsuits.
Universities or school districts can have as many user accounts as some global multi-national businesses. While educational institutions may have the same complexity as large organizations, they typically lack matching budgets and resources to deal with their dynamic environments,” said Ilia Sotnikov, a security strategist at Netwrix. “It is crucial for the IT security teams in the education sector to have processes and tools in place to govern the identities, audit their activity, and monitor for any abnormal or malicious behavior.”
Half of educational institutions (51 percent) name lack of budget as their biggest data security challenge, followed by users’ mistakes and negligence (47 percent) and an understaffed IT team (45 percent).
Eighty-one percent of educational institutions have a hybrid IT architecture compared to 74 percent across other industries. Among those 14 percent that are strictly on premises, 47 percent plan to adopt cloud technologies moving forward.
“An incident can reveal security gaps such as excessive admin privileges, dormant accounts, weak or unchanged passwords, default passwords or configurations, and unpatched systems due to negligence or lack of knowledge,” said Dirk Schrader, VP of security research and field CISO EMEA at Netwrix. “Fixing a gap might not immediately require spending additional money but will definitely require time from the IT security team. In other words, addressing the root cause of a security incident results in additional investment, in either money or effort, or both.”
- 3 reasons AI skills are essential for college grads - January 17, 2025
- Navigation and guidance in the age of AI: 5 trends to watch - January 14, 2025
- 4 areas poised to impact the future of higher education - January 13, 2025