When thinking about industries that cybercriminals might target, tertiary education probably isn't the first to come to mind. But according to the last edition of Microsoft's Cyber Signals report, education was the third most targeted industry in the second quarter of this year. The mix of valuable data and inherent vulnerabilities in education systems has caught the eye of various attachers- from those using new malware techniques to nation-state actors involved in traditional espionage.
This is a particular concern for tertiary institutions in Africa, which
is one of the most
targeted regions in the world when it comes to cyberattacks. In fact, a recent
study
of 60 Kenyan universities showed that most of these institutions were
experiencing hacks, while also battling a lack of adequate cybersecurity
policies and controls, including organisational, human, physical and
technological resources.
Just last year a prominent
Moroccan institution of higher learning was hit by a security breach of its
master’s degree nomination platform, while a private
university in Nigeria had its website completely overtaken by hackers.
It's clear that the education industry’s vulnerabilities haven't
gone unnoticed by cybercriminals. According to the Cyber Signals report, in the
past year alone, more than 15,000 emails with malicious QR codes were sent
daily to the sector using Microsoft Office 365 email. This highlights just how
targeted and persistent these threats have become.
There are several reasons why hackers often target the education
sector. Unlike typical enterprises, universities have a diverse group of
users—students, faculty, administration staff, and others. The open and dynamic
nature of university environments, with frequent activities and international
students, makes them particularly vulnerable to cyberattacks.
Email systems in schools offer wide spaces for compromise
This naturally open environment means universities are often more
relaxed about email security. With a lot of emails creating noise in the
system, institutions are limited in how they can place controls because they
need to stay accessible for alumni, donors, and external collaborations. This
mix of openness and lack of controls makes them prime targets for attacks.
Virtual and remote learning have also extended educational
applications into homes and offices. Personal and shared devices, which are
often unmanaged, are everywhere. Students, not always savvy about
cybersecurity, might unknowingly expose their devices to risks.
Legacy infrastructure leaves school systems vulnerable
The tertiary education sector often faces well-known funding and
operational challenges. This means that cutting-edge digital classrooms have to
operate alongside older applications and other IT assets. Managing and
safeguarding these varied systems is tough, especially when it's hard to keep
cybersecurity experts on staff. This combination leaves school systems more
vulnerable to attacks.
Nation-state actors are after valuable IP and high-level
connections
Cybercriminals know that schools handle sensitive, regulated
information and must stay open and accessible, making them targets for
ransomware and extortion.
Universities are hubs for valuable intellectual property and
cutting-edge research, often in collaboration with government agencies. This
makes them attractive to attackers looking to steal or leverage sensitive data.
For example, it can be easier for hackers to initially target
someone in the education sector with ties to the defense sector and then use
that access to launch more convincing phishing attacks on higher-value targets.
Introducing a strong security curriculum
Strengthening security measures can be a daunting and expensive
task for schools, but there are steps they can take to protect themselves.
Having a clear understanding of the threat environment is an
essential place to start. Reports like Cyber Signals are invaluable resources
for chief information security officers and their teams as they refine
technologies, policies, and processes. This quarterly cyberthreat intelligence
brief, informed by the latest Microsoft threat data and research, provides
expert insights into the current threat landscape and the tactics and
techniques used by threat actors. It underscores Microsoft's commitment to securing
the digital ecosystem, in which we play such a central role. At Microsoft,
security is our top priority, ensuring we earn and maintain the trust placed in
us.
Beyond current insights, maintaining strong cyber hygiene is
crucial. Raising awareness of security risks and promoting good practices among
students, faculty, staff, and administrators can help create a safer
environment.
For IT and security pros in education, starting with the basics and
beefing up security is a good move. Centralising the tech setup can assist in monitoring
activities more effectively and spotting vulnerabilities more easily. Specifically,
the Cyber Signals report recommends that IT teams think about using “protective
domain name service,” a handy free tool that can help stop ransomware and other
cyberattacks by blocking access to harmful websites. To prevent password spray
attacks, they should make sure to enforce strong passwords and set up
multifactor authentication.
For under-resourced IT teams, tools such as Microsoft
Copilot for Security can significantly enhance the efficiency and
capabilities of security defenders, allowing them to improve their security
outcomes at machine speed and scale. This AI-powered security solution provides
an assistive copilot experience, supporting professionals in end-to-end
scenarios like incident response, threat hunting, intelligence gathering, and
posture management.
It’s also important for universities to teach students and staff
about good security habits and encourage them to use multifactor authentication
or passwordless options. According to the report, accounts are more than 99.9%
less likely to get hacked with multifactor authentication.
By putting stronger defenses and proactive measures in place,
universities can better equip themselves to fend off the increasing threats to
their sensitive data and groundbreaking research. Building a solid security
posture isn't just about technology; it's also about fostering a watchful
culture ready to manage potential attacks. Investing in these measures now will
safeguard their valuable assets and ensure their critical work continues
without disruption.
By: Phyllis Migwi, Country General Manager, Microsoft Kenya.
