Education sector: important statistics

Educational institutions face unique cybersecurity challenges due to the large number of users, accounts, and open access to network resources. Lack of budget, user negligence, and a shortage of IT professionals create additional risks that make this sector vulnerable to attacks. This is a continuation of a series of articles analyzing the state of cybersecurity, and today we are looking at challenges and trends in the education sector.

1. Adoption of cloud technologies

  • 81% of educational institutions have a hybrid IT architecture, which is higher than the average for other industries (74%).
  • 14% work exclusively on local servers, of which 47% plan to move to the cloud in the future.

2. Key security challenges

  • 51% of educational institutions consider lack of budget to be the main challenge in ensuring cybersecurity.
  • Other critical challenges:
    • 47% – user errors or negligence.
    • 45% – lack of IT/security staff.

3. Common cyber incidents

  • 77% of educational institutions have experienced a cyberattack in the past 12 months, up from 69% in 2023.
  • The most common threats:
    • Phishing (78% of cases).
    • Account compromise (43%).
    • Ransomware attacks (25%).

4. Consequences of cyberattacks

  • 47% of educational institutions have incurred unforeseen costs to address security issues.
  • 14% have received fines for violating compliance standards.
  • 11% reported a change in leadership due to incidents.

5. Key risks and recommendations

Universities and schools have numerous accounts, which increases the complexity of security management. The use of shared devices and systems with open Internet access creates a significant attack surface.

Required measures:

  • Strong password policy to prevent the use of weak or compromised passwords.
  • Multifactor authentication (MFA) to increase access security.
  • Adhere to the principle of least privilege, which Netwrix Privilege Secure can help with.

Conclusion

Educational institutions are increasingly adopting cloud-based solutions, but face financial and security constraints due to the high number of users and wide access to resources. To minimize risks, it is necessary to implement MFA, access control policies, and effective monitoring of user activity.

Subscribe to news