Universities Are Exposing Their Students To Cyber Threats

Uploaded on 2023-04-04 in JOBS-Training, FREE TO VIEW

Universities face a constant deluge of cyber attacks according to new research from Proofpoint. It says that universities in the US are currently most at risk with the poorest levels of protection, followed by the UK, and Australia. These universities are “lagging on basic cyber security measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks,” Proofpoint say.

In particular, Proofpoint found that 97% of the top ten universities across these counties are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. 

This id based on Proofpoint's analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records. DMARC is an established email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination. 

Universities and other academic institutions store large amounts of sensitive data, including personal information about students and staff information, which makes them prime targets for cyber criminals. If left unprotected, this data could be exploited for financial gain or other malicious purposes. 

Cyber criminals use social engineering to convince people to open attachments or click on links. No matter what technology you put in place, some users will still fall victim. Essentially, this means that the biggest cyber security threat within any organisation is its own staff.

None of the top universities in any of the countries had the required level of protection enabled, the report found.
The full findings of Proofpoint's DMARC analysis show:

 

  • None of the top US and UK universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.
  • Five of the top ten US universities do not publish any level of DMARC record.
  • 65% of the top US and UK universities had a base level of DMARC protection (Monitor and Quarantine) in place.
  • 17 (57%) of all surveyed universities implemented a Monitor policy, while only four (13%) of the 30 universities implemented a Quarantine policy.

“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare... This, unfortunately, makes these institutions a highly attractive target for cybercriminals” commented Ryan Kalember, EVP for Cybersecurity Strategy at Proofpoint.

The rapid transition to remote learning driven by Covid--19 has increased the cyber security challenges that universities face, exposing students to significant risks from phishing attacks. 

The constantly changing student population, combined with a culture of openness and information-sharing, can conflict with the rules and controls needed to effectively protect universities, their users and systems, from attack.

Proofpoint:       Gov.UK:       I-HLS:      TopTal:      FEWeek:     Kon Briefing

You Might Also Read: 

Education Should Focus On Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Honeypot Sting Exposes British Cyber Criminals
AI Revolution: The Future Is Here, Now »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Information Risk Management (IRM)

Information Risk Management (IRM)

IRM is an international consultancy dedicated to helping organisations solve key business issues. We provide strategic cyber security advice across a wide range of sectors.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

Satori Cyber

Satori Cyber

The Satori Cyber Secure Data Access Cloud is the first solution on the market to offer continuous visibility and granular control for data flows across all cloud and hybrid data stores.

Marlabs

Marlabs

Marlabs is a Digital Technology Solutions company that helps companies adopt digital transformation using a comprehensive framework including Digital Automation, Enterprise Analytics and Security.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

CybersCool Defcon

CybersCool Defcon

CybersCool is committed to educate and train, re-skill and up-skill the current workforce of various industries and businesses in the knowledge and know-how of cybersecurity.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

Beaming

Beaming

Beaming is an established Internet Service Provider for businesses across the UK. We deliver reliable voice, data and managed services, including cybersecurity.