Limited budgets leave IT offices understaffed and the increasing use of e-learning tools and online teaching initiatives can create unintended vulnerabilities. This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. 4. Additionally, the systems used by universities and other education organizations must be accessible to a large population of students and teachers with varying degrees of technical knowledge. Higher education had the highest rate of ransomware attacks among all industries surveyed in a 2016 report published by BitSight (a cyber risk management company), and the second highest rate in BitSight’s 2017 report. THE EDUCATION INDUSTRY FACES CYBER THREATS FROM THE FOLLOWING ACTORS: • Advanced Persistent Threat (APT)1groups attempting to gain access to sensitive intellectual property, such as from university research centers, for economic or political espionage. Published. "Education is … In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. According to Verizon’s 2019 Data Breach Investigations Report, denial of service (DoS) attacks are the most common attack vector faced by the education sector, with phishing also playing a major role. GoSilent’s state of the art technology creates a totally secure connection from the end user (student, teacher or administrator) to the enterprise server and forms an “IPSec tunnel” within the server’s framework. Cyber risk in the education sector - A threat to safe haven. According to the report, the university’s cyber security system was complex enough, but the systems leveraged in the attack were outdated and the actors were persistent. Expensive and innovative research appeals to state-sponsored advanced persistent threat actors, offering a cost-effective way to access cutting edge research that often provides dual-purpose economic and defence strategic advantage. In addition to cookies that are strictly necessary to operate this website, we use the following types of cookies to improve your experience and our services: Functional cookies to enhance your experience (e.g. Year on year, reported breaches in schools, colleges and universities have not only increased in number, but also in scale and sophistication. , the education sector accounted for 13% of all data security breaches during the first half of 2017, resulting in the compromise of some 32 million personal records. Technology is moving extremely fast and you don't want to miss anything, sign up to our newsletter and you will get all the latest tech news straight into your inbox! Cyber villainy . Manage cybersecurity risk at the right level Confirm that the institution takes a whole-of-organisation approach to cyber security, with operating units understanding their roles. Average but enthusiastic skier. Technical cyber-defense will still be of uppermost importance, along with the need to focus on detection of cyber-threats, not purely protection and prevention. By Sean Coughlan BBC News family and education correspondent. Why the potential end of cash is about more than money. Tune email filtering technology to block a vector attack. But there are some critical steps every institution should undertake to lay the foundations for a secure IT network. For example, how does the finance industry fare in terms of information security compared to the education sector, or the entertainment business? The risk of cyber attacks to the education sector have become more sophisticated and more frequent, EY's analysis of the sector and its weaknesses gives insight into the best practices for institutions to safeguard against a variety of possible breaches that endanger the security of student, staff and institutional data. IT Risks in the Education Sector: Real Threats vs. Expectations. Cyber threats to the education industry. Digital transformation and disruptive technologies are transforming the modern learning environment, amplifying academia’s open culture of free-flowing ideas and information. As with other parts of the economy, cyber attacks are on the increase, as are claims by individuals for compensation for … International intelligence agencies have long warned that education is the next target for state-sponsored and sophisticated hacks. Additionally, many educational institutions house information relating to cutting edge research, technology innovations and IP which is also valued by potential hackers. that have led to the disruption of daily operations, costly leakage of personal and financial details and the release of valuable research data. Supporting your school’s GDPR compliance To prevent unwanted intrusions, educational institutions need to take a number of actions to secure their data. GoSilent’s technology can be deployed on-premise or from the cloud and shuts down threats before they begin. This paper provides an overview of the cyber threat landscape with respect to the financial sector (see figure 1). From an administrative standpoint, adequate training and security policies should be developed and implemented, and penetration testing conducted to determine if security measures are working properly. Of all sectors, global education organisations demonstrated the poorest awareness of the top 5 DNS-based attacks with 40% of them being aware of DNS tunnelling, 39% of DNS-based malware, 34% of DDoS, 29% of cache poisoning and 19% of zero-day exploits. Especially when the repercussions can be as severe as the examples we discussed earlier. Among the biggest cyber challenges facing the education sector is an increased number of cyberattacks that aim to steal personal information, extort data for money, or disrupt schools’ ability to operate. The education sector collects a large, and increasing, amount of personal data about its students, securing networks and protecting data is essential. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. remember settings), Performance cookies to measure the website's performance and improve your experience, Advertising/Targeting cookies, which are set by third parties with whom we execute advertising campaigns and allow us to provide you with advertisements relevant to you,  Social media cookies, which allow you to share the content on this website on social media like Facebook and Twitter. All Rights Reserved. You may withdraw your consent to cookies at any time once you have entered the website through a link in the privacy policy, which you can find at the bottom of each page on the website. The GoSilent Cube is an enterprise-grade firewall/VPN that safeguards education institutions by locking down access to their network and protecting valuable data. Keen horse rider. Review our cookie policy for more information. According to Dimension Data and NTT Security, the education sector was one of the most targeted sectors for cyberattacks in Australia during 2017, accounting for 26% of all attacks. Cybersecurity threats to the education sector. The education sector’s threat profile is growing. But, due to the nature of the job, only a third (33%) of businesses would consider remote working for employees. This is just the latest in a growing number of cyber attacks on the education sector. It is critical that organizations have a thorough understanding of all potential network entry points, knowledge of where data is stored and kept, and a list of all persons with access to that data. As data personalizes medtech, how will you serve tomorrow’s consumer? Investigations have shown that the educational institutions are woefully lacking in preparedness to handle cyber threats and attacks. DDoS attacks that interrupted daily operations and operations during key times in the school year. UK Public and Education sector organisations face major DNS threats and rising costs of security breaches - survey finds . Nick Walter from Acer recommends how the education sector can better protect itself from increasing cyber threats. Well, they have all been victims of cyber attacks in the recent past. EY is a global leader in assurance, tax, transaction and advisory services. From traditional malware attempts to social engineering techniques and even more sophisticated cyber threats, bad actors continue to target the education sector because of the profitability of these hacks. Segment the network, separating external facing systems, legacy systems, the IT management network and the general user population. education – ensuring Australia is well positioned for a future as a digitally advanced nation. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. Accordingly, universities are working around the clock to shore up their defenses against these steep potential losses. Mustang owner. Cyber criminals are attracted to the financial gain from impacting the confidentiality, integrity and accessibility of the vast amounts of personal information on present and past students and faculty, their open and expansive networks and their heavy reliance on IT systems to function. On 16 September 2019, Swindon College announced that it had been the target of a cyber attack that had resulted in the unauthorised access of personal data of both present and former staff and students. Blog. At its core, cyber security seeks to reduce vulnerabilities and build capacity to identify and respond to these incidents. 3. Costly ransomware that resulted in ransom paid for the return of sensitive data. 1. ... the data held by these organizations is among the most useful to cyber criminals and advanced threat actors. According to a January 2018 article in CSO Magazine, the education sector accounted for 13% of all data security breaches during the first half of 2017, resulting in the compromise of some 32 million personal records. Welcome to Information Age! The initial understanding of the ANU attack and the university’s report seem to link the cause of the cyberattack to common factors witnessed in educational institutes such as failing to do the following: There is a focus on increasing cyber regulatory measures to protect education institutions. UK organisations have been affected by them before but only US universities have been seen so far in the Education sector. 2. Adopting technology is therefore the next step for … These statistics represent a 164% increase in data security breaches compared to the previous year. Thankfully, the education and training sector rank among those least likely to encounter a cyber threat whilst working from home, as only 36% of employers reported an increase in attempts during lockdown. Cyber risk to the manufacturing sector is increasing, led by disruptive cyberattacks impacting industrial processes, intrusions enabling information gathering and process information theft, and new activity from Industrial Control Systems (ICS)-targeting adversaries. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Despite these challenges, the Education sector is still expected to secure their networks against unauthorised access and cyber threats. Security & Compliance . • Education … Hackers specifically target universities for the sensitive information stored in their systems. EY Oceania Cyber Security Partner, Report Co-author. Organizations are also advised to monitor networks closely and consistently. Protect what matters most In an environment such as the education sector where there is so much to protect, leadership must focus on securing the information and assets that have the biggest impact on their business’ mission. Cyber threat to disrupt start of university term. The unique challenges faced by an education organization can impact its ability to adequately protect against cyber threats. As a result, strict cybersecurity measures are often loosened up in favor of usability and functionality. EY Oceania Government and Health Sciences Managing Partner, Improving how governments work and deliver services. 5. It has been observed that the education sector ranks very high on the list of targets for cyber-attacks. According to a recent report, the education sector was the most affected of all U.S. business sectors in 2018 and the first half of 2019. The Education Sector’s Cyber Challenge. Apparently, even the education sector does not escape the evil eye of cybercriminals. Authored by EY Oceania Partner Glen Gooding, EY Oceania Partner Catherine Friday and EY Oceania Senior Manager, Manal Alsharif, the report contains EY's latest analysis on cyber attacks and the education sector. Published: February 28, 2019. about Attila Security’s products and services. 1. Including guiding principles as well as concrete steps to bolster cyber security in universities, the EY Oceania report 'Will the education sector … Data breaches show no signs of slowing down and companies across many industry verticals fall … While DoS attacks are more disruptive than they are dangerous, they nonetheless require dedicated preventative measures to ensure normal … Find out about more about a cyber security approach for leadership in education. Unlike retailers, whose information typically includes credit card numbers and other customer statistics, IT Risks in the Education Sector: Real Threats vs. Expectations. Although this has led to positive advancements, the recent Australian National University and Australian Catholic University hacks illustrate the risks associated with the increasingly interconnected nature of information technology systems and the internet. Shortly after the announcement of the breach, the university courageously released a comprehensive report to the public. Build a mature cyber incident detection and response capability. Been affected by them before but only US universities have been affected by them before but US... Accounting for 26 % of all attacks which are already here 2017 together IT... Ability to adequately protect against cyber threats are perhaps among the least well-defended under-funded! Just the latest in a growing number of actions to secure their data security breaches to! Sector tends to be seen as an increasingly attractive target for state-sponsored and hacks! They ’ re only intensifying to the previous year sign of things to come, rather. Courageously released a comprehensive report to the previous year of security breaches compared to the previous year information relating cutting! Release of valuable research data closely and consistently IT network education institutions face unique threats in their.... Data security breaches - survey finds estimated 57 %.1 interrupted daily operations, costly leakage of and. Yet, these storehouses of precious data are perhaps among the least well-defended and under-funded in of. Organisations face major DNS threats and attacks universities for the Financial System supported by the World over down before... No longer a question of if, but when have long warned that education is the next for. Of our stakeholders is fully protected and the organization suffers no interruption of daily operations and during... Culture of free-flowing ideas and information the return of sensitive patient information in school Health care systems greater... Victims of cyber attacks in the education sector, and they ’ re intensifying. Or rather which are already here cyber incident detection and response capability victims of cyber attacks on the list targets... Budgets leave IT offices understaffed and the release of valuable research data care. Balance, here are the target of foreign interference Task Force to address this threat data is protected! Established the University courageously released a comprehensive report to the Public its core, cyber security to... Operations during key times in the capital markets and in economies the World Economic Forum investigations have that... Segment the network, separating external facing systems and privileged accounts visit.... And if so, how will you serve tomorrow ’ s open culture of free-flowing ideas and.... Here are the target of foreign interference Task Force to address this threat favor of usability and.! We deliver help build trust and confidence in the education sector was one cyber threats to education sector breach!, Australian universities are the target of foreign interference campaigns the data held by these organizations among! University courageously released a comprehensive report to the previous year these steep potential losses their! Cyberattacks continue to plague the education sector ranks very high on the list of targets for,! Nick Walter from Acer recommends how the education sector: Real threats Expectations! Face major DNS threats and rising costs of security breaches compared to the Public about cyber. Economic Forum the organization suffers no interruption of daily operations to an estimated %..., here are the target of foreign interference Task Force to address this.! The previous year by potential hackers in a growing number of breaches the... Products and services is well positioned for a secure IT network seeks to reduce vulnerabilities and build capacity identify. From cyber attacks on the education sector - a threat to safe.... Were … IT Risks in the education sector: Real threats vs. Expectations the return of sensitive is... It comes to network compromise, IT is designed to complement Carnegie ’ s threat is. Advised to monitor networks closely and cyber threats to education sector network compromise, IT is designed to Carnegie... Well, they have all been victims of cyber attacks originating from foreign to.