Widely touted as one of the most comprehensive sources of information for cybersecurity threats, the Verizon Data Breach Investigations Report is back with a bang. In it’s 10th edition, the report analyzes over 40,000 incidents (including 1,935 confirmed data breaches), and details findings by industry and incident classification patterns.
Educational services was listed, and it’s not exactly pretty. Follow the Arrow Payments team as we dissect all 72 pages of the report and share what’s most important for you to know to keep your campus payments system from being breached.
Good with the bad
When it comes to industry trends, the 2017 report weaved a compelling tale in terms of the who, what, where, and how of data breaches. For education, distributed denial-of-service (DDoS) was the most common incident pattern, executed primarily through hacking, social engineering, and/or malware installation. Compared with other industries, education came 4th on the list for median DDoS size (bps) by industry at 997M, following finance, retail, and information.
Now for the sliver of good news: education ranked the lowest for a measure of susceptibility to phishing attacks. Out of the 8 industries listed, education had the lowest median click rate per phishing campaign by industry at 6.18%, with the highest being manufacturing (13.35%), information (10.76%), and retail (10.66%).
A cold war with big mistakes
If there were two prevailing cybersecurity themes for educational services in the last few years, it would be cyber-espionage and errors. State-sponsored hackers have identified university research as an immensely valuable, low-hanging fruit, and the numbers confirm the story. From 2012 to 2016, cyber-espionage has more than quintupled (5x), now present in 26% of breaches. Closely behind were miscellaneous errors at 22%, crossing web app attacks off the list for historically dominant breach types.
What’s at stake
The report goes on to acknowledge the unique challenges the industry faces due to a culture that prides itself on an open exchange of information, and a diverse student body with a varying set of “technical skills and curiosity”. However, it’s important to remember what’s at stake when data is left unprotected. Over half of the breaches reported involved the compromise of stored student and employee information, and just over a quarter resulted in the disclosure of intellectual property.
Practice makes permanent
Developing a university-wide response plan and practicing it biannually is the first step to mitigate breaches . But even this is easier said than done. We know this because we’ve done it before (and we’re confident that we can do it again).
Learn how our team can take the weight off your shoulders and do the heavy lifting to make your university secure.