Education under (cloud) attack

Netwrix has published additional findings for the education sector from its global 2022 Cloud Data Security Report.

The survey revealed that 47 per cent of educational institutions suffered a cyberattack onto their cloud infrastructure within the last 12 months. For 27 per cent of them, incidents in the cloud were associated with unplanned expenses to fix security gaps.

“Educational institutions are keen to broaden their cloud adoption: The sector expects to have 56 per cent of the workload to be in the cloud by the end of 2023, compared to this year’s 44 per cent,” comments Dirk Schrader, VP of security research at Netwrix. “But without proper visibility into who has access to sensitive data and when and how that data is being used, IT teams will not be able to proactively mitigate data overexposure and spot suspicious behavior in the cloud.”

83 per cent of educational organisations confirmed they store sensitive data in the cloud. With educators and students constantly sharing that information, they are more concerned about insider threats than other industries. 48 per cent of respondents in this sector consider cybersecurity risks associated with their own employees to be the biggest ones.

“The educational sector has a good reason to be concerned about insider threats since 42 per cent of them experienced account compromise attacks in 2022 compared to the average of 31per cent from the other industries surveyed. Accordingly, their IT teams should pay closer attention to identity and access management by implementing a zero standing privilege approach and enforcing strong password policies,” adds Schrader.