The education sector experienced a 44% increase in cyber-attacks when compared to 2021, with an average of 2297 attacks against organizations every week, according to Check Point’s 2022 Mid-Year Report.
The research paper suggests that part of the appeal is the sheer number of personal details that threat actors can obtain by targeting organizations in this sector.
“Academic institutions are currently sitting ducks,” said Deryck Mitchelson, field CISO at Check Point, commenting on the new data.
“Our research team’s monthly threat index has found education to be the most impacted sector for the whole of 2022. It’s clear that cyber-criminals are finding these attacks fruitful, and schools and colleges should be preparing for the rate of these attacks to increase even further.”
In fact, while most companies only have employees, academic institutions don’t just have teachers and lecturers; they also have students, making networks in the sector much bigger, more open and more difficult to protect.
“Students are not employees; they use their own devices, work from shared flats, and connect to free WiFi without necessarily thinking about the security risks. This combination of a lack of understanding and ignorance has contributed to the perfect storm, giving hackers a free run,” he said.
“A ransomware attack should not just be seen as an inconvenience; it could potentially result in a school being closed down, as was the case with Lincoln College that we saw earlier this year.”
However, Mitchelson also added that there are technologies that can allow universities, colleges and schools to be more secure without disrupting student education.
“By choosing to adopt a prevent-first approach and by integrating best practices such as network segmentation, multi-factor authentication and endpoint security, academic institutions can begin to fight back against malicious cyber-criminals,” he concluded.
The Check Point report comes weeks after ESET revealed the advanced persistent threat (APT) SparklingGoblin targeted a Hong Kong university in February 2021 using a Linux variant of the SideWalk backdoor.