The education/research sector has been the primary target of cyberattacks in the world. The industry witnessed about 2256 weekly cyberattacks per organisation in 2023.
After Covid-19, many industries switched to online platforms, with the education industry being the primary one. This pivot from offline to online has certainly brought many conveniences but has also raised cybersecurity concerns for this industry.
Researchers from Check Point Research have unveiled that the education/research sector has witnessed a staggering average of 2256 weekly cyberattacks per organisation in the first half of 2023. Although this represents a one per cent decline compared to the same period last year, what is striking is that this sector continues to bear the brunt of the highest rate of cyberattacks across all industries.
What is the reason behind the most cyberattacks on the education sector, which is significantly more than on government/military, healthcare, communications and even finance/banking? The research indicates that excessive digitisation and reliance on online platforms for learning, teaching, and assessment provide ample opportunities for attackers to exploit vulnerabilities.
Moreover, schools, colleges and universities can provide a wealth of data for cybercriminals, including sensitive student data and financial and personal records. Attackers can have a potential feast of data that includes not only that of the students but also their parents and teachers.
Considering region-wise trends on cyberattacks in the education sector, we find that the Asia-Pacific (APAC) region has experienced the highest weekly cyberattack rate per educational organisation, averaging 4529 attacks in 2023. Additionally, Europe witnessed an 11% increase in cyberattacks compared to the previous year, emphasising the global nature of the threat.
|Region||Average weekly Cyber Attacks per Organization||YoY Change|
In July, a sophisticated scam emerged impersonating Golden Gate University. The deceptive email, seemingly from the university but sent from an unrelated email address, aimed to lure recipients into clicking a fraudulent application link. The link directed users to a malicious website that security experts flagged as a phishing trap, potentially compromising personal information and online payments.
Along with phishing, hackers are using ransomware attacks on universities. The University of Western Scotland recently suffered a ransomware attack by the Rhysida ransomware gang.
To protect themselves from such attacks, schools and universities should take precautions, including investing in a robust data backup infrastructure, up-to-date patches, applying anti-ransomware solutions, and utilising automated threat prevention measures.