Select Page

Widely touted as one of the most comprehensive sources of information for cybersecurity threats, the Verizon Data Breach Investigations Report is back with a bang. In it’s 10th edition, the report analyzes over 40,000 incidents (including 1,935 confirmed data breaches), and details findings by industry and incident classification patterns.

Educational services was listed, and it’s not exactly pretty. Follow the Arrow Payments team as we dissect all 72 pages of the report and share what’s most important for you to know to keep your campus payments system from being breached.

Good with the bad

When it comes to industry trends, the 2017 report weaved a compelling tale in terms of the who, what, where, and how of data breaches. For education, distributed denial-of-service (DDoS) was the most common incident pattern, executed primarily through hacking, social engineering, and/or malware installation. Compared with other industries, education came 4th on the list for median DDoS size (bps) by industry at 997M, following finance, retail, and information.

Now for the sliver of good news: education ranked the lowest for a measure of susceptibility to phishing attacks. Out of the 8 industries listed, education had the lowest median click rate per phishing campaign by industry at 6.18%, with the highest being manufacturing (13.35%), information (10.76%), and retail (10.66%).

A cold war with big mistakes

If there were two prevailing cybersecurity themes for educational services in the last few years, it would be cyber-espionage and errors. State-sponsored hackers have identified university research as an immensely valuable, low-hanging fruit, and the numbers confirm the story. From 2012 to 2016, cyber-espionage has more than quintupled (5x), now present in 26% of breaches. Closely behind were miscellaneous errors at 22%, crossing web app attacks off the list for historically dominant breach types.

What’s at stake

The report goes on to acknowledge the unique challenges the industry faces due to a culture that prides itself on an open exchange of information, and a diverse student body with a varying set of “technical skills and curiosity”. However, it’s important to remember what’s at stake when data is left unprotected. Over half of the breaches reported involved the compromise of stored student and employee information, and just over a quarter resulted in the disclosure of intellectual property.

Practice makes permanent

Developing a university-wide response plan and practicing it biannually is the first step to mitigate breaches . But even this is easier said than done. We know this because we’ve done it before (and we’re confident that we can do it again).

Learn how our team can take the weight off your shoulders and do the heavy lifting to make your university secure.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

The Evolution of Higher Education Cyber Attacks

The Evolution of Higher Education Cyber Attacks

Higher education faces unique challenges when it comes to cybersecurity. Data breaches and ransomware attacks continue to plague colleges and universities, though most have taken steps to combat these threats. Even so, a recent report by cybersecurity company...

Guarding Against Payments Fraud

Guarding Against Payments Fraud

Payments fraud is a serious and ongoing challenge for treasury practitioners, requiring an increasing amount of vigilance and foresight. According to the 2023 AFP Payments Fraud and Control Survey, 65% of organizations reported being victims of payments fraud in 2022,...

Cultivating Emotional Intelligence in Leadership

Cultivating Emotional Intelligence in Leadership

We’ve discussed how emotional intelligence (EQ) makes you better at business. We’ve even talked about how EQ and payments are tied together. This article explores why EQ is crucial for leaders to possess. Yes, technical skills and a strategic mindset are valuable...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery