High numbers of schools hit by phishing, account compromise and ransomware attacks

According to a new report, thieves are targeting the personal data of staff and students stored in the cloud.

email concept

Image: iStock/Igor Kutyaev

Most educational organizations (60%) experienced phishing attempts, while 33% were victims of an account compromise attack, and 27% were hit by ransomware in 2020, according to a new report from cybersecurity vendor Netwrix. 

More about cybersecurity

The number of phishing attempts targeting educational institutions was well above average, according to the 2021 Cloud Data Security Report from Netwrix. Fewer than half (40%) of non-education sector organizations experienced the same level of attack. 

Of the educational organizations that experienced a ransomware attack, 49% said the attack went unnoticed for days, 19% said hours, and 32% said it took them just minutes to discover the attack. 

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

Over a quarter (28%) of organizations said it took days to uncover an account compromise attack, 54% said hours, and 18% said they uncovered attacks in minutes.

Phishing attempts went unnoticed for days by 23% of organizations, 33% said hours, and 44% said they knew within minutes.

About half of the organizations reported that understaffing (53%), a lack of experienced staff (52%), and/or not enough budget (49%) made them vulnerable to attacks. 

In an attempt to stop attackers, over half of respondents said they deploy cloud backups, audit user activity, and review user access rights. Of those that do not take these steps, about one quarter (24%) said they plan to, while the remainder said they have no plans to do so. Additionally, 40% of respondents said they plan to deploy data classification and 36% said they will use multifactor authentication in the future to help protect data.

Other findings include:

  • Almost half (48%) of educational organizations store employee data in the cloud 

  • Just under one third (30%) of educational organizations store student data in the cloud

  • Almost all (93%) educational organizations required days or weeks to discover data leaks

  • One third (33%) required weeks to recover from attacks

SEE: Security incident response policy (TechRepublic Premium)

Even though the COVID-19 pandemic caused massive upheaval to the educational sector, only 33% of respondents changed their cybersecurity spending or priorities. Just over a quarter (27%) kept existing budgets but altered their cybersecurity priorities. Only 24% of respondent’s cyber security budgets are earmarked for cloud security.

“Because educational institutions are understaffed and lack funding for sufficient training, the sector struggles to adequately respond to the ever-changing cyber threat landscape. With IT teams forced to be reactive instead of proactive towards security, the current wave of PYSA ransomware attacks can easily lead to breaches,” said Ilia Sotnikov, Netwrix’s vice president of product management.

Also see