The Education Sector Experienced the Highest Number of Data Breaches in 2023
New data from Verizon makes it clear that the Education sector is under attack, but also breaks down which threat actions and patterns are used most.
We’ve seen Education institutions become a major focus for cybercriminals and entities like the New York State Education Department and the FBI have issued warnings.
To me, it feels like threat actors are thinking “well, if we take down a school district or a university, it’s disruptive enough to get a ransom paid, but no one really gets hurt.”
In the latest Verizon Data Breach Investigations Report, we find that the Education sector experienced over 1500 confirmed data breaches last year – the highest number of any industry covered in Verizon’s report.
What’s interesting is how Verizon dissects the attack patterns, actions and assets targeted. According to the report:
- Social Engineering and System Intrusion were the top two breach patterns. Social Engineering attacks use pretexting, phishing as threat actions, while 70% of System Intrusion attacks involve ransomware
Source: Verizon
- Servers were the number one asset targeted in attacks, with Social, Malware, and Hacking top the list of breach actions. According to the report, ransomware and backdoor malware are the most common action varieties. The use of Social as a breach action makes it clear that the use of social engineering via email and text is commonly used as part of attacks targeting specific servers in Education institutions
- The Verizon data feels like it confirms something we’ve been writing about for years – they are, and will continue to be, a target. One aspect of defense needed is the implementation of security awareness training so that any social engineering-based aspects of an attack can be easily spotted by faculty and staff, helping to avoid an attack from being successful.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Free Phishing Security Test
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Here’s how it works:
- Immediately start your test for up to 100 users (no need to talk to anyone)
- Select from 20+ languages and customize the phishing test template based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW