Schools and higher educational institutions have long been a target for cybercriminals and attacks are on the increase. Educational institutions store large amounts of sensitive data on their students, which can include health and financial data – information that can be easily monetized. The data can be sold on the dark web to identity thieves and can be used for a range of fraudulent purposes.

Like the healthcare sector, which is also extensively targeted by malicious actors, educational institutions often have a complex mix of modern and legacy IT systems and securing those systems can be a challenge while ensuring they remain accessible to authorized individuals, especially when there is often a limited budget for cybersecurity. There are also non-technical vulnerabilities. Schools employ a diverse range of individuals including teaching and support staff and networks are accessed by students of a range of ages. Cybersecurity awareness can vary greatly among network users.  The combination of vulnerabilities means the sector is relatively easy to attack.

According to a recent report from Microsoft, schools in the United States are being used by malicious actors to test their tactics, techniques, and procedures. Microsoft Threat Intelligence data indicates education is the third-most targeted sector in the United States and attacks are also increasing in the United Kingdom, especially higher education institutions where 43% of surveyed institutions said they experience a cyberattack or data breach at least weekly. In Q2, 2024, the education sector was also on a par with healthcare, information technology, telecommunications, consumer retail, and transportation sectors for ransomware attacks, each accounting for 11% of attacks in the quarter.

It is not only cybercriminal groups that target the education sector. Several state-sponsored hacking groups are targeting universities to gain access to connections and steal IP. Universities are commonly engaged in cutting-edge research and often work closely with government agencies. Nation state hacking groups target intellectual property to further research in their native countries, and it can be a lot easier to target individuals in the education sector and use their accounts to pivot to attack their contacts, which may include high-level individuals in a range of private sector industries, as well as the defense sector.

Microsoft has tracked attacks on the education sector by Iranian threat groups such as Mint Sandstorm and Peach Sandstorm, both of which conduct sophisticated phishing and social engineering attacks. North Korean hacking groups also target the U.S. education sector, with groups tracked by Microsoft as Emerald Sleet and Moonstone Sleep using novel techniques to install malware to gain access to the networks of educational institutions.

While vulnerabilities in software and operating systems can be exploited, phishing and social engineering attacks are much more commonly used to steal credentials and install malware, so it is essential that educational institutions have robust defenses against these types of attacks.

Advanced anti-spam software is essential for blocking phishing and social engineering attacks. In independent tests, SpamTitan has been shown to block 100% of malware thanks to twin antivirus engines and email sandboxing, and 99.99% of spam and phishing emails thanks to a barrage of checks and tests, including machine learning and AI-driven detection.

Many threats are delivered via the Internet, so it is vital to block access to malicious sites. WebTitan is a DNS-based web filtering solution for educational institutions that blocks access to malicious sites, prevents malware downloads from the Internet, and is used by schools to restrict the types of websites that staff and students can access to better protect students from harmful web content and comply with government regulations.

Security awareness training is also important to improve human defenses. TitanHQ’s SafeTitan training platform allows educational institutions to easily create training courses for staff and students, and test knowledge of social engineering and phishing through an easy-to-use phishing simulator.

Cybercriminals and nation state actors are likely to continue to target the education sector, so it is important to have the right defenses in place. Give the TitanHQ team a call today to find out more about improving your defenses against increasingly sophisticated cyber threats.