Select Page

Verizon breaks down data security

Verizon recently released its 2019 Data Breach Investigations Report (DBIR), which looked at 41,686 security incidents. Of those, 2,013 were confirmed data breaches. The report deep dives into the evolution of the threat landscape, who is perpetrating attacks, the top attack types, and assets affected by breaches.

The report provides a thorough window of analysis into multiple industries and how each is impacted by breaches. The Educational Services industry is especially important to us (and you!), so we’ve summarized the findings below.

According to the report, financial gain remains the top motive driving data breaches. Many breaches open the door for opportunistic bad actors to compromise a wide set of victims to their financial benefit. Not to be outdone, espionage is also a favorite among criminals, with one-quarter of breaches attributed to this motive.

The education services breach footprint

Denial-of Service (DoS) attacks are sweeping the education industry, accounting for more than half of all incidents. These cyber-attacks result in networks becoming unavailable for intended users when hackers disrupt host services. Of the incidents Verizon looked at across industries, education experienced 382 incidents, and 99 of those incidents had confirmed data disclosure. The motive behind the majority of these attacks was overwhelmingly (80%) for financial gain, though 11% could be attributed to espionage and 4% were for good old-fashioned fun.

Education demonstrates a pattern when it comes to breaches: Miscellaneous Errors (e.g. misdelivery or publishing errors), Web Application Attacks, and Everything Else. Combined, these top three patterns of breaches represent 80% of breaches within education services.

Web Application Attacks should be of particular importance to those in the education vertical; they accounted for about 25%. This can largely be attributed to phishing schemes that target cloud-based email services and send users to fake login pages. Institutions that leverage these services need to button it up via 2-factor authentication. In terms of types of data compromised in breaches, personal data takes the cake at 55%, closely followed by credentials (53%), and Internal data(35%).

Checks and balances

There are things educational institutions can do to keep their data safe, from standardizing protocol to threat modeling and multi-factor authentication. Consider where your institution may have some work to do in the following:

Clean it up

Bad security hygiene is the number one offender when it comes to breaches in education services. Training and standard operating procedures can assist in minimizing human error, but institutions also need to implement a baseline level of security. Web servers and other keepers of sensitive data must be protected and should be using multi-factor authentication.

Know your enemy

How and by whom you get attacked may at times be related to who you partner with and the data available. Higher education institutions that may be working with tech companies, government agencies, or research centers may face a greater degree of espionage-related attacks than, say, a high school. In any event, if you have personally identifiable information (PII) for students, staff, and faculty—secure it.

Standardize security

Many of the threats within education are not novel or unique to the industry. Phishing scams and DoS attacks plague almost every sector. Securing email is a best practice that applies to everyone. The bottom line is that education needs to focus on threat modeling and addressing these known threats.

Find a security partner you trust

Higher education institutions make a hot target for data breaches. In many cases, universities could use some outside help.

Arrow Payments specializes in partnering with institutions to secure and protect sensitive data—and maintain PCI compliance. We work with your treasury department and compliance team to implement systems and tools that secure payment systems across your entire campus.  

Contact us today to learn how we can help you create a sound strategy for a secure future.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

The Evolution of Higher Education Cyber Attacks

The Evolution of Higher Education Cyber Attacks

Higher education faces unique challenges when it comes to cybersecurity. Data breaches and ransomware attacks continue to plague colleges and universities, though most have taken steps to combat these threats. Even so, a recent report by cybersecurity company...

Guarding Against Payments Fraud

Guarding Against Payments Fraud

Payments fraud is a serious and ongoing challenge for treasury practitioners, requiring an increasing amount of vigilance and foresight. According to the 2023 AFP Payments Fraud and Control Survey, 65% of organizations reported being victims of payments fraud in 2022,...

Cultivating Emotional Intelligence in Leadership

Cultivating Emotional Intelligence in Leadership

We’ve discussed how emotional intelligence (EQ) makes you better at business. We’ve even talked about how EQ and payments are tied together. This article explores why EQ is crucial for leaders to possess. Yes, technical skills and a strategic mindset are valuable...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery