Verizon recently published its 2022 Data Breach Investigation Report (DBIR), which presents some shocking statistics. Cyberattacks continue to plague every sector, and the education sector has been hit particularly hard. Let’s dive into it.
Some stats your way
More than 30% of breaches in the sector were caused by ransomware attacks.
Among the 1,241 incidents detected, 282 involved data disclosure.
Eighty percent of the breaches constituted system intrusion, basic web app attacks, and miscellaneous errors.
Seventy-five percent of breaches were caused by external actors, while the remainder were due to internal errors.
Financial gain was the motive in 95% of breaches, while cyberespionage accounted for the remaining 5%.
Security breaches in the sector mainly exposed personal information (63%), followed by credentials (41%) and others (23%).
Thirty-four percent of the errors resulted from an email sent to the wrong person or with a wrong attachment.
Why this matters
Financially motivated threat actors repeatedly attack the education sector's external infrastructure. The sector also suffers breaches caused by errors, as the statistics above show. Although these kinds of errors have declined over the years, they remain relatively common and should be taken into account, considering the variety of data that educational institutions handle.
The FBI released a report regarding a credential theft threat against higher education institutions in the U.S. Once the attackers gain access to the credentials, they either sell them on underground forums or disclose them publicly. The sensitive information for sale usually includes VPN access and network credentials.
A cyberattack on Regina Public Schools disabled all internet-based systems, including education tools and email. Likewise, ransomware attacks by Cl0p on K-12 school districts in New Mexico and Ohio ended with the threat actor stealing sensitive data and leaking it.
The FBI advises decreasing credential exposure by implementing local device credential protection solutions, enabling network segmentation, monitoring for anomalous traffic, and implementing brute force protection. Moreover, checking RDP connections is a must, since attackers frequently target them. As ransomware attacks against the sector are not going to decline any time soon, applying appropriate solutions is the way to keep potential credential exposure at bay.