What were the most common cyber attack patterns in higher education in 2023?
In support of Cybersecurity Awareness Month, we are examining reported incidents by industry. The focus of this article will be on the educational services sector.
With a wealth of student, staff and faculty data and countless entry points from student record databases, third-party vendors and web-facing assets, the educational services industry is teeming with opportunities for threat actors to extort higher and lower educational institutions for financial gain.
In fact, the Verizon 2023 Data Breach Investigations Report (Verizon DBIR) found that 92% of the reported incidents were financially motivated and 56% targeted personal data.
So, what were the most common cybersecurity attack methods in the educational services industry in 2023?
According to the 2023 Verizon DBIR, 76% of all reported incidents in the educational services industry were from system intrusion, miscellaneous errors or social engineering.
System Intrusion and the Educational Services Industry
Earlier this summer, the MOVEit data breach devastated the higher education sector, targeting over 3,000 colleges in the U.S. and stealing at least 38 million individual student records. So, it should come as no surprise that system intrusion is the number one cyber attack method used to target educational service providers in 2023.
System intrusions involve cases where a threat actor uses technological means to gain unauthorized access to a system or database. Though it is mainly reported as hacking or deploying malware, this attack method also includes ransomware-related activities, which are a growing issue for educational institutions and have been involved in almost one-third of all educational services industry breaches this year, according to the Verizon DBIR.
Miscellaneous Errors and the Educational Services Industry
Attackers are always up to something new, and, sometimes, an attack doesn’t fall under a specific category.
In the educational services world, miscellaneous errors commonly take the form of mis-delivery, publishing errors and misconfigurations. Mis-delivery occurs when an employee sends personally identifiable information to an unintended recipient via email or another communications channel.
Publishing errors happen when someone publishes confidential data on a public forum such as a website, either by mistake or for retaliation (someone who was recently fired, has a major disagreement with their manager, etc.). And, last but not least, misconfigurations occur when assets are poorly protected, allowing for unwanted access. This is why it’s extremely important to regularly update software and have strong security policies surrounding the lifecycle management (access, retention, deletion, etc.) of sensitive data.
Social Engineering and the Educational Services Industry
While awareness of social engineering schemes is growing, many still fall victim to threat actors using phishing attacks and pretexting scenarios to manipulate them into providing sensitive information. In the context of the educational services industry, threat actors are capitalizing on phishing (via email), vishing (via phone call) and smishing (via text message) attacks to gain access to the sensitive and valuable information of students, faculty and staff.
Another growing attack method in the social engineering category is pretexting, which can take many forms but usually involves psychological manipulation, impersonation or personalized messages that use urgent and convincing language to trick someone into providing access to student databases with bank account data; institutional network information; or student, faculty and staff credentials.
This article is part of a series highlighting the most common cybersecurity incidents by industry and is based on data from the 2023 Verizon DBIR. Additional articles include:
- Protect Your Financial and Insurance Data: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Protect Your Patients and Their Data: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Cybersecurity Awareness Month Celebrates 20 Years
It is important to note that the data referenced is from organizations that chose to disclose incidents and data breaches.
About Cybersecurity Awareness Month
Since 2004, the United States and Congress have recognized October as Cybersecurity Awareness Month to raise awareness about the importance of cybersecurity in the public and private sectors and tribal communities. This year marks the 20th anniversary of Cybersecurity Awareness Month, and this year’s campaign, Secure Our World, focuses on four ways to protect yourself, your family and your business from online threats.
Related Resources
- CISA – Secure Our World Homepage
- CISA – 4 Things You Can Do To Keep Yourself Cyber Safe
- Schneider Downs Cybersecurity Resource Library
- Verizon 2023 Data Breach Investigations Report
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected].