The US Education Sector Is Under Siege

Uploaded on 2024-09-13 in NEWS-Cybersecurity News, FREE TO VIEW

Netwrix, a cyber security that delivers effective cyber security services to any organisation, has surveyed 1,309 IT and security professionals globally and recently released their findings for the educational sector based on the data collected.

It reveals that 77% of organisations in the education sector spotted a cyberattack on their infrastructure within the last 12 months, up from 69% in 2023. 

The most common attack vectors were similar to those among other industries: Phishing, user account compromise, and ransomware or other malware attacks. In the education sector, almost half (47%) of organisations faced unplanned expenses to fix security gaps because of a security incident. 

Moreover, one in seven of those organisations incurred compliance fines, and each tenth reported changes in senior leadership and lawsuits. “An incident can reveal security gaps such as excessive admin privileges, dormant accounts, weak or unchanged passwords, default passwords or configurations, and unpatched systems due to negligence or lack of knowledge... Fixing a gap might not immediately require spending additional money but will definitely require time from the IT security team."

“In other words, addressing the root cause of a security incident results in additional investment, in either money or effort, or both,” says Dirk Schrader, VP of Security Research and Field CISO EMEA at Netwrix.

In the aftermath of a breach, organisations must prioritise remediation steps to reduce risks moving forward. For example, the immediate response may include patching software on the most critical servers and adding a manual review step on certain operations.  

“Longer-term remediation may have to wait for the next budget cycle and require additional software, services engagement, or headcount,” commented s Ilia Sotnikov, Security Strategist at Netwrix.

Netwrix   |    Dark Reading   |   

Image: Tumisu

You Might Also Read: 

Dealing With Security Incidents In The Enterprise Sector:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Who Are The Top 10 Cyber Security Companies?
Who Are The Top 10 Cyber Security Companies? [extract] »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) handles security incidents on forskningsnettet, the National Research and Education Network (NREN) in Denmark.

qSkills

qSkills

QSkills is an independent training provider specialized high-quality IT and IT management training courses including IT security.

Cyber Triage

Cyber Triage

Cyber Triage is an automated incident response software any company can use to investigate their network alerts.

inBay Technologies

inBay Technologies

inBay Technologies' idQ Trust as a Service (TaaS) is a unique and innovative SaaS that eliminates the need for user names and passwords.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

Secure Blockchain Technologies (SBT)

Secure Blockchain Technologies (SBT)

SBT is a team of Enterprise IT Security Professionals weaving security and Blockchain Technology into our customer’s operational fabric.

Technology Ireland ICT Skillnet

Technology Ireland ICT Skillnet

Technology Ireland ICT Skillnet is a network of companies who collaborate to address skills needs within the technology sector.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Flare Systems

Flare Systems

Flare proactively detects and remediates exposure across the clear & dark web, providing organizations with the equivalent of an automated cyber reconnaissance team.

Fraud.net

Fraud.net

Fraud.net operates the first end-to-end fraud management and revenue enhancement ecosystem specifically built for digital enterprises and fintechs globally.

Liverton Security

Liverton Security

Liverton Security is a New Zealand-owned cyber security provider offering consultancy and security-related products to government and commercial customers throughout New Zealand.

Obviam

Obviam

Obviam specialize in providing security solutions tailored to meet the unique needs of each of our clients, no matter where they are in their security journey.