Trustwave, a prominent cybersecurity and managed security services provider, has recently published an in-depth analysis that reveals distinct cybersecurity threats that education institutions are confronted with. Titled “2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies,” the report serves as a crucial insight into sector-specific risks and equips cybersecurity leaders in the education sector with actionable strategies to reinforce their defences.
Educational institutions, ranging from primary school systems dealing with sensitive data of minors to higher education entities guarding intellectual property data, are viewed as prime targets for cyberattacks. These attacks not only compromise the safety of teachers and administrators but also pose serious threats to the privacy of students, staff, and other relevant entities.
The latest research from Trustwave SpiderLabs provides an in-depth understanding of the attack flow deployed by threat groups, shedding light on their methods and procedures. The numerous cybersecurity risks faced by the education sector vary significantly, ranging from job offer scams targeting students to the exposure of networked devices due to vulnerabilities in public-facing applications.
Kory Daniels, the Chief Information and Security Officer at Trustwave, stated “The education sector faces an incredible challenge in navigating a diverse and fluid attack surface with increasing financial pressures, leaving little room for error as digital leaders aim to sustain resilience to threats”. He also expressed his concern that data related to students, staff, alumni, and professors can act as bait, attracting threat actors aimed at targeting either the institution itself or associated individuals. He insisted that the recent threat briefing made available by Trustwave is a vital resource aiding cyber defenders by equipping them with actionable insights to navigate the latest threats and protect their students, staff, and data.
The Trustwave SpiderLabs report scrutinises various threat groups and their methodologies throughout the attack cycle, beginning from the initial foothold to the ultimate exfiltration. Key findings from the report include: The threat group LockBit was responsible for 30 per cent of ransomware incidents targeting the education sector; Apache Log4j (CVE-2021-44228) continues to be the most common exploit attempt against education institutions, accounting for 74 per cent of attempts; and a significant exposure of critical systems and devices with 1.8M devices related to the education industry being exposed publicly.
Trustwave continues to be globally appreciated for its role in augmenting cybersecurity resilience and reducing cyber risk against disruptive and damaging cyber threats. With its world-class team of security consultants, threat hunters, and researchers, Trustwave is committed to minimising the potential impact and likelihood of cyber-attacks.