Universities Are Exposing Their Students To Cyber Threats

Uploaded on 2023-04-04 in JOBS-Training, FREE TO VIEW

Universities face a constant deluge of cyber attacks according to new research from Proofpoint. It says that universities in the US are currently most at risk with the poorest levels of protection, followed by the UK, and Australia. These universities are “lagging on basic cyber security measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks,” Proofpoint say.

In particular, Proofpoint found that 97% of the top ten universities across these counties are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. 

This id based on Proofpoint's analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records. DMARC is an established email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination. 

Universities and other academic institutions store large amounts of sensitive data, including personal information about students and staff information, which makes them prime targets for cyber criminals. If left unprotected, this data could be exploited for financial gain or other malicious purposes. 

Cyber criminals use social engineering to convince people to open attachments or click on links. No matter what technology you put in place, some users will still fall victim. Essentially, this means that the biggest cyber security threat within any organisation is its own staff.

None of the top universities in any of the countries had the required level of protection enabled, the report found.
The full findings of Proofpoint's DMARC analysis show:

 

  • None of the top US and UK universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.
  • Five of the top ten US universities do not publish any level of DMARC record.
  • 65% of the top US and UK universities had a base level of DMARC protection (Monitor and Quarantine) in place.
  • 17 (57%) of all surveyed universities implemented a Monitor policy, while only four (13%) of the 30 universities implemented a Quarantine policy.

“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare... This, unfortunately, makes these institutions a highly attractive target for cybercriminals” commented Ryan Kalember, EVP for Cybersecurity Strategy at Proofpoint.

The rapid transition to remote learning driven by Covid--19 has increased the cyber security challenges that universities face, exposing students to significant risks from phishing attacks. 

The constantly changing student population, combined with a culture of openness and information-sharing, can conflict with the rules and controls needed to effectively protect universities, their users and systems, from attack.

Proofpoint:       Gov.UK:       I-HLS:      TopTal:      FEWeek:     Kon Briefing

You Might Also Read: 

Education Should Focus On Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Honeypot Sting Exposes British Cyber Criminals
AI Revolution: The Future Is Here, Now »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Onapsis

Onapsis

Onapsis is a pioneer in cybersecurity and compliance solutions for cloud and on-premise ERP and business-critical applications.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

Nohau

Nohau

Nohau provide services for safe and secure embedded software development.

Platin Bilişim

Platin Bilişim

Platin Bilisim is an IT Security company providing consultancy, solutions and operational support services.

Temasoft

Temasoft

TEMASOFT is a software company focused on developing security and infrastructure products.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

RangeForce

RangeForce

RangeForce delivers the only integrated cybersecurity simulation and skills analysis platform that combines a virtual cyber range with hand-on training.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

CloudCover

CloudCover

CloudCover is a software-defined cybersecurity risk solution that provides risk awareness, risk analytics, and data security in real time.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

TatvaSoft

TatvaSoft

TatvaSoft is a custom software development company delivering business IT solutions and related services to customers across the globe.

Walacor

Walacor

Walacor’s secure data platform represents the next generation of secure data and blockchain storage with a trust-first approach that revolutionizes enterprise data, and database management systems.

SecZone

SecZone

SecZone is a Chinese enterprise with a mission to "Make It Secure." We are dedicated to driving software security innovation globally.