Verizon breaks down data security
Verizon recently released its 2019 Data Breach Investigations Report (DBIR), which looked at 41,686 security incidents. Of those, 2,013 were confirmed data breaches. The report deep dives into the evolution of the threat landscape, who is perpetrating attacks, the top attack types, and assets affected by breaches.
The report provides a thorough window of analysis into multiple industries and how each is impacted by breaches. The Educational Services industry is especially important to us (and you!), so we’ve summarized the findings below.
According to the report, financial gain remains the top motive driving data breaches. Many breaches open the door for opportunistic bad actors to compromise a wide set of victims to their financial benefit. Not to be outdone, espionage is also a favorite among criminals, with one-quarter of breaches attributed to this motive.
The education services breach footprint
Denial-of-Service (DoS) attacks are sweeping the education industry, accounting for more than half of all incidents. These cyber-attacks result in networks becoming unavailable for intended users when hackers disrupt host services. Of the incidents Verizon looked at across industries, education experienced 382 incidents, and 99 of those incidents had confirmed data disclosure. The motive behind the majority of these attacks was overwhelmingly (80%) for financial gain, though 11% could be attributed to espionage and 4% were for good old-fashioned fun.
Education demonstrates a pattern when it comes to breaches: Miscellaneous Errors (e.g. misdelivery or publishing errors), Web Application Attacks, and Everything Else. Combined, these top three patterns of breaches represent 80% of breaches within education services.
Web Application Attacks should be of particular importance to those in the education vertical; they accounted for about 25%. This can largely be attributed to phishing schemes that target cloud-based email services and send users to fake login pages. Institutions that leverage these services need to button it up via 2-factor authentication. In terms of types of data compromised in breaches, personal data takes the cake at 55%, closely followed by credentials (53%) and internal data (35%).
Checks and balances
There are things educational institutions can do to keep their data safe, from standardizing protocol to threat modeling and multi-factor authentication. Consider where your institution may have some work to do in the following:
Clean it up
Bad security hygiene is the number one offender when it comes to breaches in education services. Training and standard operating procedures can assist in minimizing human error, but institutions also need to implement a baseline level of security. Web servers and other keepers of sensitive data must be protected and should be using multi-factor authentication.
Know your enemy
How and by whom you get attacked may at times be related to who you partner with and the data available. Higher education institutions that may be working with tech companies, government agencies, or research centers may face a greater degree of espionage-related attacks than, say, a high school. In any event, if you have personally identifiable information (PII) for students, staff, and faculty—secure it.
Many of the threats within education are not novel or unique to the industry. Phishing scams and DoS attacks plague almost every sector. Securing email is a best practice that applies to everyone. The bottom line is that education needs to focus on threat modeling and addressing these known threats.
Find a security partner you trust
Higher education institutions make a hot target for data breaches. In many cases, universities could use some outside help.
Arrow Payments specializes in partnering with institutions to secure and protect sensitive data—and maintain PCI compliance. We work with your treasury department and compliance team to implement systems and tools that secure payment systems across your entire campus.
Contact us today to learn how we can help you create a sound strategy for a secure future.