Recent research by Microsoft indicates that nearly half of UK higher education institutions encounter cyberattacks on a weekly basis. Approximately 43% of these institutions reportedly experience breaches or attacks frequently, revealing ongoing vulnerabilities within the education sector.
Cyberattacks in UK Higher Education
The latest Cyber Signals Report from Microsoft highlights that universities are appealing targets for cybercriminals, facing an average of 2,507 attempted attacks each week. Various threats are identified in the report, including malware, vulnerabilities associated with Internet of Things (IoT) devices, and phishing schemes. The education sector is categorized as the third most targeted industry, following manufacturing and retail.
Key Vulnerabilities and Risks
Key vulnerabilities within universities are linked to email systems and network infrastructures. The necessity for continuous communication exposes these institutions to heightened risks, as they are more likely to experience external user attacks. The report suggests that educational bodies often lack comprehensive cybersecurity budgets, making them particularly attractive targets for data exfiltration efforts motivated by ransom.
Ransom Payments and Operational Continuity
Further findings reveal that many educational institutions have paid higher ransoms than the amounts initially demanded by hackers. A notable 67% of IT leaders in higher education reported paying more than the original ransom requests, often driven by the need to maintain operational continuity.
Threats from Nation-State Actors
Microsoft also identifies nation-state actors as significant threats, specifically mentioning Iranian groups, such as Peach Sandstorm and Mint Sandstorm, which have utilized social engineering tactics against educational institutions. Davis McMorries, Chief Information Security Officer at Oregon State University, commented on the increasing severity of these cyber threats within the higher education sector. The report underscores that the industry faces approximately 15,000 malicious QR code emails daily, highlighting the persistent cyber vulnerabilities that educational institutions must navigate.
(Source: TechRadar)