Attacks On The Education Sector Are Surging: How Can Cyber-defenders Respond?


Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Phil Muncaster

14 Apr 2025 • 5 min. read


We all want the best possible education for our children. But even the best-laid plans can come unstuck when confronted with an agile, persistent and devious adversary. Nation state-aligned actors and cybercriminals represent one of the biggest threats to schools, colleges and universities today. The education sector was the third-most targeted in Q2 2024, according to Microsoft.

And ESET threat researchers have observed sophisticated APT groups targeting institutions across the globe. In the period from April to September 2024, the education sector was in the top three most attacked industries by China-aligned APT groups, the top two for North Korea, and in the top six both for Iran- and Russia-aligned actors.

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. But fortunately, global best-practice security steps remain an effective antidote to cyber-risk.

Why do hackers go after schools and colleges?

In the UK, 71% of secondary (senior high) schools and almost all (97%) of universities identified a serious security breach or attack over the past year, versus just half (50%) of businesses, according to government figures. In the US, the most recent figures available from the K12 Security Information Exchange (SIX) reveal that, between 2016 and 2022, the nation experienced more than one cyber-incident per school day.

So why are educational institutions such a popular target?

It's a combination of porous networks, large user numbers, highly monetizable data, and limited security know-how and budgets. Let’s consider these in more detail:

  • Limited budget and know-how: The education sector simply can’t compete with deep-pocketed private enterprises when it comes to limited cybersecurity talent. And the same budgetary pressure means institutions usually don’t have much to spend on security tooling. This can create dangerous gaps in coverage and capability. However, such monetary concerns make it even more important to mitigate cyber-risk. One report claims ransomware attacks on US schools and colleges since 2018 have cost them $2.5bn in downtime alone.
  • Personal devices: According to Microsoft, BYOD is commonplace in US schools, while at university, students everywhere will be expected to supply their own laptops and mobile devices. If they’re allowed to log on to school networks without adequate security checks, these devices could unwittingly provide threat actors with a pathway to sensitive data and systems.
  • Fallible users: Humans remain one of the biggest challenges for security staff. And the sheer number of staff and students in education environments makes them a popular target for phishing. Awareness training is essential. But in the UK, for example, only 5% of universities make it compulsory for students.
  • A culture of openness: Schools, colleges and universities are not like typical businesses. A culture of information sharing, and openness to external collaboration, can invite risk and provide opportunities for threat actors to leverage. Tighter controls, particularly on email communications, would be preferred. But that’s difficult when there are so many connected third parties – from alumni and donors, to charities and suppliers.
  • A wide attack surface: The education supply chain is just one facet of a growing cyberattack surface that has expanded in recent years with the advent of virtual learning and remote work. From cloud servers to personal mobile devices, home networks and large, fluid numbers of staff and students, there are plenty of targets for threat actors to aim at. It doesn’t help that many education institutions are running legacy software and hardware that may be unpatched and unsupported.
  • PII and IP: Schools and universities store, manage and process large volumes of personally identifiable information (PII) on staff and students, including health and financial data. That makes them an attractive target for financially-motivated ransomware actors and fraudsters. But there’s more. The sensitive research handled by many universities also singles them out for nation state attention. The director general of MI5 warned the heads of the UK’s leading universities about exactly this back in April 2024.

The threat is real

These are not theoretical threats. K12 SIX has cataloged 1,331 publicly disclosed school cyber-incidents affecting US school districts since 2016. And EU security agency ENISA documented over 300 incidents impacting the sector between July 2023 and June 2024. Many more will go unreported. Universities are continually being breached by ransomware actors, sometimes to devastating effect.

Typical threat actor TTPs facing the education sector

As for the tactics, techniques, and procedures (TTPs) used to target education sector institutions, it depends on the end goal and threat actor. State-backed attacks are often sophisticated, such as those from Iran-aligned group Ballistic Bobcat (aka APT35, Mint Sandstorm). In one example, ESET observed the actor attempting to circumvent security software, including EDR, by injecting malicious code into innocuous processes and using multiple modules to evade detection.

In the UK, ransomware is viewed by universities as the number one cyberthreat to the sector, followed by social engineering/phishing and unpatched vulnerabilities. And in the US, a Department of Homeland Security report claims that: “K‑12 school districts have been a near constant ransomware target due to school systems’ IT budget constraints and lack of dedicated resources, as well as ransomware actors’ success at extracting payment from some schools that are required to function within certain dates and hours.”

The growing size of the attack surface, including personal devices, legacy technology, large numbers of users and open networks, makes the job of the threat actor that much easier. Microsoft has even warned of a spike in QR code-based efforts. These are designed to support phishing and malware campaigns via malicious codes on emails, flyers, parking passes, financial aid forms, and other official communications.

How can schools and colleges mitigate cyber-risk?

There may be a unique set of reasons why threat actors target schools, colleges and universities. But broadly speaking, the techniques they’re using to do so are tried and tested. That means the usual security rules apply. Focus on people, process and technology with some of the following tips:

  • Enforce strong, unique passwords and multi-factor authentication (MFA) to protect accounts
  • Practice good cyber-hygiene with prompt patching, frequent backups and data encryption
  • Develop and test a robust incident response plan to minimize the impact of a breach
  • Educate staff, students and administrators in best practice security, including how to spot phishing emails
  • Share a detailed acceptable use and BYOD policy with students, including what security you expect them to pre-install on their devices
  • Partner with a reputable cybersecurity vendor that protects your organization’s endpoints, data and intellectual property
  • Consider using managed detection and response (MDR) to monitor for suspicious activity 24/7 and help catch and contain threats before they can impact the organization

Global educators already have plenty of problems to deal with, from skills shortages to funding challenges. But ignoring the cyberthreat will not make it go away. If left to escalate, breaches can cause enormous financial and reputational damage which, for universities in particular, could be disastrous. Ultimately, security breaches diminish the ability of institutions to provide the best possible education. That’s something we should all be concerned about.

