- eCampus News - https://www.ecampusnews.com -

Report: Higher ed still woefully unprepared against cyber attacks

Twenty-six percent of education respondents in a new survey reported daily or weekly cyber attacks in 2016, and 98 percent of all responding organizations experienced cyber attacks in 2016.

The 2016-2017 Global Application & Network Security Survey [1] from cyber security company Radware reveals that while cyber ransom proves the easiest and most lucrative tool for cyber criminals, almost all ransom events have a different attack vector, technique or angle.

Ransom attacks are the most prevalent, increasing from 25 percent of attacks in 2015 to 41 percent of attacks in 2016. The report attributes the increase to the lucrative nature of such a “business.”

Twenty percent of education respondents reported monthly cyber attacks, 31 percent reported 1-2 per year, 4 percent said they have never experienced a cyber attack, and 19 percent were unsure.

The report characterized the education industry at a “medium likelihood” for cyber attacks, along with the retail and health industries.

But of all sectors, education is the most vulnerable to cyber attacks, scoring the lowest in terms of being extremely or very well prepared to defend against various attacks.

(Next page: Emerging threats and key cyber security predictions)

Fifty percent of education respondents are extremely or very well prepared to protect themselves against malware and bots, including worms, viruses and span. Forty-three percent are prepared to fight distributed denial of service (DDoS), 37 percent are prepared to fight web application attacks, 28 percent are prepared to fight social engineering attacks such as phishing, 20 percent are prepared to combat ransomware, and 28 percent are equipped to fight advanced persistent threats.

The education industry faced more challenges this year because vendors on the Darknet began offering school hacking services, according to the report. In 2016, 444 school networks in Japan went offline as a result of a massive cyber-attack. Hacking services found on the Darknet make it increasingly easy for non-hackers to carry out an attack or cause damage to a school’s resources.

In addition, a potential attacker can rent a botnet or a stresser service for as little as $20 in Bitcoin and launch the attack themselves. In most cases, the report notes, it’s either a student looking to delay a test or manipulate the registration process or a personal attack against the school by a student or staff member.

Key predictions from the report include:

“Threat actors have a single focus, to develop the best tools possible to either disable an organization or steal its data,” said Carl Herberger, Vice President of Security Solutions at Radware. “Businesses focus on delivering the highest value to their customers. In order to deliver that value, security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organizations will remain vulnerable.”