Phishing in academic environments

Introduction

Higher education is a popular target for phishing scams. However, the industry’s vulnerability is often overlooked by cybersecurity specialists and university administrators alike. And the threat is serious:

  • The education sector ranked #3 for the highest number of data breaches, according to the Symantec Internet Security Threat Report for 2015
  • Higher education data breaches have resulted in the exposure of over 1.3 million identities
  • 56% of universities have seen an increase in phishing attacks within the last year 
  • It’s not just the little guys — major universities like Harvard, Penn State and Johns Hopkins have all been hacked since 2015

Why do hackers target higher education? 

There are a few key reasons why higher education is such an appealing target to hackers. 

Colleges and universities are a one-stop shop for everything cybercriminals crave — personal data, confidential research information and deep pockets. Universities keep records of personally identifiable information belonging to students, faculty and staff. This includes Social Security numbers, financial information and more. Universities are also home to sensitive and sometimes secretive research information that can be stolen and sold to foreign entities. 

But it’s not just the data gold mine that attracts hackers. Colleges and universities are particularly vulnerable to cyberattacks, and attackers like an easy target. Thousands of users — many of them students who are unaware of cybersecurity threats — make the network incredibly easy to break into via phishing scams. Add in the fact that most students use their own devices like personal laptops and cell phones, and you have an information security nightmare on your hands.

In fact, three in ten data breaches at colleges are caused by the “unintentional disclosure” of sensitive information via phishing scams or the misuse of social media, according to a survey

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Christine McKenzie. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/kfZwaZgXrbo/