Universities Are Exposing Their Students To Cyber Threats

Uploaded on 2023-04-04 in JOBS-Training, FREE TO VIEW

Universities face a constant deluge of cyber attacks according to new research from Proofpoint. It says that universities in the US are currently most at risk with the poorest levels of protection, followed by the UK, and Australia. These universities are “lagging on basic cyber security measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks,” Proofpoint say.

In particular, Proofpoint found that 97% of the top ten universities across these counties are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. 

This id based on Proofpoint's analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records. DMARC is an established email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination. 

Universities and other academic institutions store large amounts of sensitive data, including personal information about students and staff information, which makes them prime targets for cyber criminals. If left unprotected, this data could be exploited for financial gain or other malicious purposes. 

Cyber criminals use social engineering to convince people to open attachments or click on links. No matter what technology you put in place, some users will still fall victim. Essentially, this means that the biggest cyber security threat within any organisation is its own staff.

None of the top universities in any of the countries had the required level of protection enabled, the report found.
The full findings of Proofpoint's DMARC analysis show:

 

  • None of the top US and UK universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.
  • Five of the top ten US universities do not publish any level of DMARC record.
  • 65% of the top US and UK universities had a base level of DMARC protection (Monitor and Quarantine) in place.
  • 17 (57%) of all surveyed universities implemented a Monitor policy, while only four (13%) of the 30 universities implemented a Quarantine policy.

“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare... This, unfortunately, makes these institutions a highly attractive target for cybercriminals” commented Ryan Kalember, EVP for Cybersecurity Strategy at Proofpoint.

The rapid transition to remote learning driven by Covid--19 has increased the cyber security challenges that universities face, exposing students to significant risks from phishing attacks. 

The constantly changing student population, combined with a culture of openness and information-sharing, can conflict with the rules and controls needed to effectively protect universities, their users and systems, from attack.

Proofpoint:       Gov.UK:       I-HLS:      TopTal:      FEWeek:     Kon Briefing

You Might Also Read: 

Education Should Focus On Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Honeypot Sting Exposes British Cyber Criminals
AI Revolution: The Future Is Here, Now »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Security Innovation Network (SINET)

Security Innovation Network (SINET)

SINET is dedicated to building a cohesive, worldwide Cybersecurity community with the goal of accelerating innovation through collaboration.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

Cloud Box Technologies

Cloud Box Technologies

Cloud Box Technologies is one of the premier IT Infrastructure Solution providers in the Middle East.

TotalAV

TotalAV

TotalAV Antivirus is a free-to-use app packed with all the essential features to find and remove malware, keeping you safe.

NextGen Cyber Talent

NextGen Cyber Talent

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

Finlaw Associates

Finlaw Associates

Finlaw Associates is a trusted cybercrime law firm providing a wide range of taxation, legal, advisory and regulatory services to the financial, commercial and industrial communities.

Index Engines

Index Engines

Index Engines is the world’s leading AI-powered analytics engine to detect data corruption due to ransomware.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.

Elixirr

Elixirr

Elixirr is an award-winning global consulting firm working with clients across a diverse range of markets, industries and geographies.

Ory Corp

Ory Corp

Ory's IAM/CIAM solutions are designed to empower businesses with the tools they need to protect their users, services and things, and maintain compliance.