Universities Are Exposing Their Students To Cyber Threats

Universities face a constant deluge of cyber attacks according to new research from Proofpoint. It says that universities in the US are currently most at risk with the poorest levels of protection, followed by the UK, and Australia. These universities are “lagging on basic cyber security measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks,” Proofpoint say.

In particular, Proofpoint found that 97% of the top ten universities across these counties are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. 

This id based on Proofpoint's analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records. DMARC is an established email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination. 

Universities and other academic institutions store large amounts of sensitive data, including personal information about students and staff information, which makes them prime targets for cyber criminals. If left unprotected, this data could be exploited for financial gain or other malicious purposes. 

Cyber criminals use social engineering to convince people to open attachments or click on links. No matter what technology you put in place, some users will still fall victim. Essentially, this means that the biggest cyber security threat within any organisation is its own staff.

None of the top universities in any of the countries had the required level of protection enabled, the report found.
The full findings of Proofpoint's DMARC analysis show:

 

  • None of the top US and UK universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.
  • Five of the top ten US universities do not publish any level of DMARC record.
  • 65% of the top US and UK universities had a base level of DMARC protection (Monitor and Quarantine) in place.
  • 17 (57%) of all surveyed universities implemented a Monitor policy, while only four (13%) of the 30 universities implemented a Quarantine policy.

“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare... This, unfortunately, makes these institutions a highly attractive target for cybercriminals” commented Ryan Kalember, EVP for Cybersecurity Strategy at Proofpoint.

The rapid transition to remote learning driven by Covid--19 has increased the cyber security challenges that universities face, exposing students to significant risks from phishing attacks. 

The constantly changing student population, combined with a culture of openness and information-sharing, can conflict with the rules and controls needed to effectively protect universities, their users and systems, from attack.

Proofpoint:       Gov.UK:       I-HLS:      TopTal:      FEWeek:     Kon Briefing

You Might Also Read: 

Education Should Focus On Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Honeypot Sting Exposes British Cyber Criminals
AI Revolution: The Future Is Here, Now »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

Riverbed Technology

Riverbed Technology

The Riverbed Network and Application Performance Platform enables organizations to visualize, optimize, accelerate and remediate the performance of any network for any application.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

SISA

SISA

SISA is a payment security specialist providing payment security assurance services, training and products to over 1,000 customers across the globe.

Cyber Exchange

Cyber Exchange

Cyber Exchange provides a focal point for UK organisations connected with, or with an interest in, cyber security to connect, engage and collaborate.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

ISMS.online

ISMS.online

ISMS.online is a cloud software solution for fast & cost-effective implementation of an information security management system and achieve compliance with ISO 27001 and other standards.

Perch Security

Perch Security

Perch is a co-managed threat detection and response platform backed by an in-house Security Operations Center (SOC).

The Cyber Security Place

The Cyber Security Place

The Cyber Security Place is dedicated to collecting and disseminating pertinent Cyber Security matters threatening financial and business operations of companies around the globe.

Centraleyes

Centraleyes

Centraleyes (formerly CyGov) is a cutting-edge integrated cyber risk management platform that gives organizations unparalleled understanding of their cyber risk and compliance.

CyNam

CyNam

CyNam is a platform for enabling the growth and development of people and organisations within Cheltenham’s flourishing cyber technology ecosystem.

Hayes Connor Solicitors

Hayes Connor Solicitors

Hayes Connor Solicitors is a specialist data breach and cybercrime law firm. We act for clients on individual data breaches and also where a group has been compromised as part of a targeted attack.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Kobalt.io

Kobalt.io

Kobalt are bringing the monitoring capabilities of enterprise-class security teams to smaller organizations.