The State of Education Cyber-Security in 2018

Philip Robinson by   09.28.2018   Data Security

Due to the large number of users, and the large amounts of valuable data they store, educational institutions remain a prime target for cyber-criminals. According to a survey carried out by VMware, “one in three universities in the UK face cyber-attacks on an hourly basis,” and according to a report by the Information Commissioner’s Office’s (ICO), the education sector has seen a 32% increase in reported incidents since 2016.

What is Behind the Rise in Cyber-Attacks on the Education Sector?

Large Amounts of Valuable Data

Educational institutions store large amounts of intellectual property which could be valuable to certain people. According to an article by, information relating to medicine, engineering and missile research have need known to be targeted by hackers. As such, we cannot rule out cyber-espionage as a motivating factor. Universities also store large amounts of personally identifiable information (PII) and protected health information (PHI), which can be very valuable on the black market.

Educational Institutions are Often an Easy Target

That’s not to suggest that they are any less prepared than other industry verticals, more that they are dealing with a unique set of conditions which increases the size of their attack surface. For example, when you have a large number of students who are constantly searching the internet for study materials and resources, it is very difficult to ensure that those students understand about security best practices. It’s only a matter of time until one of those students falls victim to some kind of social engineering attack. Additionally, the large number of users makes it easier for hackers to establish persistent access through multiple credentials and endpoints.

Educational Institutions Have Limited Resources

This is especially true for smaller institutions, such as primary schools. And since they have less resources, they are less likely to be aware about what constitutes an effective security strategy. For example, they probably assume that having a firewall and installing some anti-virus software means they have an adequate level of protection. Of course, nothing could be further from the truth.

Too Much Focus on Perimeter Security

When people think about cyber-crime, they automatically conjure up an image of a malicious external actor seeking to break into their system through some kind of back-door. While it is true that hackers engage in such endeavours, this image has a tenancy to distract organisations from what’s happening under their nose. After all, it is common knowledge amongst security professionals that insiders account for the majority of security breaches – whether by accident or on purpose.

How Can Educational Institutions Improve Their Defence Strategy?

Of course, educating students about security best practices should be the first line of defence. However, when dealing with a very large number of users, this is easier said than done. It would be a good idea for educational institutions to provide regular security notices, which students must explicitly acknowledge before they can access the network. Regarding perimeter defences, firewalls and anti-virus software alone will not suffice. Institutions should also look into Intrusion Detection and Prevention Systems (IDPS) and Data Loss Prevention (DLP) solutions for additional security.

As mentioned previously, insider threats account for the majority of data breaches. As such, institution’s will need to ensure that they know exactly who has access to what data, and when. It is crucially important that both students and staff members are only granted access to the data they need to perform their duties. In order to restrict access permissions and receive real-time alerts when changes are made to those permissions, institution’s will need to embrace the technology that is available to them. There are many change auditing solutions which can detect, alert, report and respond to changes made to access permissions, as well as any sensitive data they store.

Do you like this blog post?