A report by KnowBe4 highlights the underpreparedness of the global education sector in managing increasing cyber threats.
The report, titled "From Primary Schools to Universities, The Global Education Sector is Unprepared for Escalating Cyber Attacks," indicates that educational institutions were the most targeted industry for cyberattacks in 2024.
This trend is attributed to the increasing adoption of digital systems within educational settings and the accompanying rise in cyber threats.
According to the report, both primary and higher education institutions rely significantly on third-party vendors for services such as software-as-a-service, cloud storage, and IT services.
This reliance can pose security risks, as vulnerabilities or breaches within these third-party systems could impact all institutions relying on them. Often, these vulnerabilities remain undetected for extended periods.
The mixing of modern and legacy IT systems by schools and universities poses another challenge. Due to limited resources and the pressing demands for technological advancement, sensitive personal information may remain on outdated systems, making them more susceptible to exploitation.
Further findings indicate that of the 30,458 security incidents examined in Verizon's 2024 Data Breach Investigation Report, 1,780 (17%) were against the education sector, with 1,537 (14%) resulting in confirmed data disclosures. This positions education among the top five most breached industries worldwide.
The Trustwave research of 2023 identified 352 ransomware claims against educational institutions, with phishing highlighted as the most common method of initial breach. This aligns with the general trend where educational institutions are targeted using common cyberattack techniques.
The report from KnowBe4 demonstrates the impact of security awareness training in mitigating human risk within educational institutions. It cites significant reductions in susceptibility to phishing attacks, falling from 33.4% to 3.9% in smaller institutions after a year or more of sustained training and simulated phishing evaluations.
Stu Sjouwerman, CEO of KnowBe4, commented on the current state of cybersecurity in educational settings, stating, "Today's classroom environment is becoming ever more digital, increasing the attack surface of educational institutions and creating an unprecedented level of cyber risk."
"Educational institutions have inadvertently become prime targets for sophisticated threat actors due to an overall lack of resources."
"The most concrete, effective step that an educational institution can take to secure vital and sensitive data is to ensure that all individuals who access IT systems are equipped with the proper tools, education and awareness to protect against cyber threats and reduce human risk."
