Universities Are Exposing Their Students To Cyber Threats

Uploaded on 2023-04-04 in JOBS-Training, FREE TO VIEW

Universities face a constant deluge of cyber attacks according to new research from Proofpoint. It says that universities in the US are currently most at risk with the poorest levels of protection, followed by the UK, and Australia. These universities are “lagging on basic cyber security measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks,” Proofpoint say.

In particular, Proofpoint found that 97% of the top ten universities across these counties are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. 

This id based on Proofpoint's analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records. DMARC is an established email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination. 

Universities and other academic institutions store large amounts of sensitive data, including personal information about students and staff information, which makes them prime targets for cyber criminals. If left unprotected, this data could be exploited for financial gain or other malicious purposes. 

Cyber criminals use social engineering to convince people to open attachments or click on links. No matter what technology you put in place, some users will still fall victim. Essentially, this means that the biggest cyber security threat within any organisation is its own staff.

None of the top universities in any of the countries had the required level of protection enabled, the report found.
The full findings of Proofpoint's DMARC analysis show:

 

  • None of the top US and UK universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.
  • Five of the top ten US universities do not publish any level of DMARC record.
  • 65% of the top US and UK universities had a base level of DMARC protection (Monitor and Quarantine) in place.
  • 17 (57%) of all surveyed universities implemented a Monitor policy, while only four (13%) of the 30 universities implemented a Quarantine policy.

“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare... This, unfortunately, makes these institutions a highly attractive target for cybercriminals” commented Ryan Kalember, EVP for Cybersecurity Strategy at Proofpoint.

The rapid transition to remote learning driven by Covid--19 has increased the cyber security challenges that universities face, exposing students to significant risks from phishing attacks. 

The constantly changing student population, combined with a culture of openness and information-sharing, can conflict with the rules and controls needed to effectively protect universities, their users and systems, from attack.

Proofpoint:       Gov.UK:       I-HLS:      TopTal:      FEWeek:     Kon Briefing

You Might Also Read: 

Education Should Focus On Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Honeypot Sting Exposes British Cyber Criminals
AI Revolution: The Future Is Here, Now »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Deep Instinct

Deep Instinct

Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices.

Zettaset

Zettaset

Zettaset’s XCrypt Data Encryption Platform delivers proven protection for Object, Relational/SQL, NoSQL, and Hadoop data stores…in the cloud and on-premises.

AnubisNetworks

AnubisNetworks

AnubisNetworks is one of Europe’s leading threat intelligence and email security suppliers.

Secude

Secude

SECUDE is an established global security solutions provider offering innovative data protection for SAP users.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

BI.ZONE

BI.ZONE

BI.ZONE creates high-tech products and solutions to protect IT infrastructures and applications, and provides services from cyber intelligence and proactive defence to cybercrime investigation.

C3i Hub

C3i Hub

C3i Hub aims to address the issue of cyber security of cyber physical systems in its entirety, from analysing security vulnerabilities to developing tools and technologies.

PT Prima Cyber Solusi

PT Prima Cyber Solusi

PT Prima Cyber Solusi is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Ross & Baruzzini

Ross & Baruzzini

Ross & Baruzzini delivers integrated technology, consulting, and engineering solutions for safe, sustainable, and resilient facilities.

DataSolutions

DataSolutions

DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Three Wire Systems

Three Wire Systems

Three Wire is a leader in innovative and efficient technology solutions for government agencies and large enterprise corporations.

SecurityBridge

SecurityBridge

SecurityBridge provide a cybersecurity connection between our customers’ IT departments, the forward-facing business services, and their SAP applications.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Adaptiva

Adaptiva

Adaptiva, the autonomous endpoint management company, delivers the fastest way to patch and manage endpoints at scale.

National Renewable Energy Laboratory (NREL)

National Renewable Energy Laboratory (NREL)

NREL is transforming energy through research, development, commercialization, and deployment of renewable energy and energy efficiency technologies.