Educational institutions are becoming major targets for online threat actors, according to cybersecurity experts. In 2024, schools, colleges, and universities are increasingly being targeted by nation-state-backed hackers and financially motivated cybercriminals. A Microsoft report ranks the education sector as the third-most-targeted industry in Q2 2024. This alarming trend highlights the growing threats that these institutions face in the digital world.
ESET threat researchers have documented a rise in attacks from advanced persistent threat (APT) groups, particularly from China, North Korea, Iran, and Russia.
These APTs are focusing on educational organizations, with Chinese groups ranking education among their top three targets. The US saw over one cyber-incident per school day from 2016 to 2022, and in the UK, significant breach rates were recorded in secondary schools and universities. The surge in attacks is undeniable and concerning.
Several factors make educational institutions attractive targets for cyber attackers. Many schools and universities struggle with limited cybersecurity budgets, making them vulnerable to attacks. The combination of open networks, diverse user populations, and the use of personal devices only amplifies these risks. Additionally, these institutions hold sensitive data, such as personal information and valuable research, making them prime targets for ransomware gangs and state-backed hackers.
Attackers use various techniques, including email phishing, social engineering, and sophisticated malware. Ransomware remains the top threat, with attackers demanding large payouts. Despite these challenges, experts stress the importance of cybersecurity fundamentals, such as using strong passwords, patching vulnerabilities, and employing multi-factor authentication. As cyber risks continue to rise, education leaders must prioritize protecting their digital infrastructure to maintain the trust and security of students and families.
Reference:
