Education among ‘most-targeted’ data breach sectors
Research by cyber exposure company Tenable® found that 1,825 breach data incidents disclosed between November 2020 and October 2021 meant that more than 40 billion records were exposed worldwide.
The 2021 Threat Landscape Retrospective report suggested that almost 13% of breaches were linked to the education sector, with students, educators and parents impacted through canceled classes and inaccessible learning platforms.
A “staggering” 52% of breaches in the education sector were the result of ransomware attacks, it detailed.
“With thousands of students to serve and a growing IT infrastructure, educational institutions face an uphill battle protecting and securing devices,” the report noted.
“While it’s not clear if ransomware groups actively set out to target education facilities, or if this is a result of opportunistic activity targeting easy to find vulnerable devices, this is a worrisome trend.”
“Educational institutions face an uphill battle protecting and securing devices”
The migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service has altered the way organisations should think about security, Tenable® urged.
Education – together with healthcare, government and technology companies – proved to be valuable targets in 2021, and will “continue to be attractive to threat actors as we move into 2022”.
Any organisation that has not patched or mitigated threats such as ransomware remains at risk, Tenable research engineering manager, Scott Caveza said.
“Data continues to be valuable to attackers,” Caveza noted. “As our lives become more and more digitised, we continue to provide or be required to supply personal information to the companies we interact with.
“While we trust these organisations to properly protect our data, the risks of compromise continue to grow as threat actors look to leverage attacks for financial gain. Many organisations are forced to pay a ransom in order to recover access to data that they don’t have backups for.”
The UK’s National Cyber Security Centre noted in early 2021 that it had dealt with a “significant increase” in the number of attacks, while a 2020 survey of IT professionals at educational organisations indicated almost nine out of 10 believed they might have security gaps as the result of the rapid move to remote working.