Select Page

Widely touted as one of the most comprehensive sources of information for cybersecurity threats, the Verizon Data Breach Investigations Report is back with a bang. In it’s 10th edition, the report analyzes over 40,000 incidents (including 1,935 confirmed data breaches), and details findings by industry and incident classification patterns.

Educational services was listed, and it’s not exactly pretty. Follow the Arrow Payments team as we dissect all 72 pages of the report and share what’s most important for you to know to keep your campus payments system from being breached.

Good with the bad

When it comes to industry trends, the 2017 report weaved a compelling tale in terms of the who, what, where, and how of data breaches. For education, distributed denial-of-service (DDoS) was the most common incident pattern, executed primarily through hacking, social engineering, and/or malware installation. Compared with other industries, education came 4th on the list for median DDoS size (bps) by industry at 997M, following finance, retail, and information.

Now for the sliver of good news: education ranked the lowest for a measure of susceptibility to phishing attacks. Out of the 8 industries listed, education had the lowest median click rate per phishing campaign by industry at 6.18%, with the highest being manufacturing (13.35%), information (10.76%), and retail (10.66%).

A cold war with big mistakes

If there were two prevailing cybersecurity themes for educational services in the last few years, it would be cyber-espionage and errors. State-sponsored hackers have identified university research as an immensely valuable, low-hanging fruit, and the numbers confirm the story. From 2012 to 2016, cyber-espionage has more than quintupled (5x), now present in 26% of breaches. Closely behind were miscellaneous errors at 22%, crossing web app attacks off the list for historically dominant breach types.

What’s at stake

The report goes on to acknowledge the unique challenges the industry faces due to a culture that prides itself on an open exchange of information, and a diverse student body with a varying set of “technical skills and curiosity”. However, it’s important to remember what’s at stake when data is left unprotected. Over half of the breaches reported involved the compromise of stored student and employee information, and just over a quarter resulted in the disclosure of intellectual property.

Practice makes permanent

Developing a university-wide response plan and practicing it biannually is the first step to mitigate breaches . But even this is easier said than done. We know this because we’ve done it before (and we’re confident that we can do it again).

Learn how our team can take the weight off your shoulders and do the heavy lifting to make your university secure.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

Digitizing Payments for Higher Education 

Digitizing Payments for Higher Education 

Digitizing payments for higher education is essential as online payments are pervasive. Digital payments penetration reached 89% last year. What’s more, the number of people who report using at least two types of digital payments has grown from 51% in 2021 to 62% in...

Evaluating Higher Education Vendor Security Risks

Evaluating Higher Education Vendor Security Risks

Higher education vendor security risks must take center stage for colleges and universities. Schools work with dozens of third-party vendors that pose serious security vulnerabilities. When it comes to payments vendors, the stakes are higher.  Without a solid vendor...

University Incident Response Planning Guide

University Incident Response Planning Guide

Cyberattacks have become an unfortunate reality for many institutions, including colleges and universities. A 2023 SonicWall report highlights how malware attacks against colleges and universities increased significantly between 2021 and 2022.  Higher education...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery