Sign up

Have some pie!

Education among ‘most-targeted’ breach sectors

Education was among the most-targeted industries for data breaches in 2021, a report has suggested.

Nearly 13% of breaches identified by Tenable were linked to the education sector. Photo: iStock

A "staggering" 52% of breaches in the education sector were the result of ransomware attacks

Research by cyber exposure company Tenable® found that 1,825 breach data incidents disclosed between November 2020 and October 2021 meant that more than 40 billion records were exposed worldwide.

The 2021 Threat Landscape Retrospective report suggested that almost 13% of breaches were linked to the education sector, with students, educators and parents impacted through canceled classes and inaccessible learning platforms.

A “staggering” 52% of breaches in the education sector were the result of ransomware attacks, it detailed.

“With thousands of students to serve and a growing IT infrastructure, educational institutions face an uphill battle protecting and securing devices,” the report noted.

“While it’s not clear if ransomware groups actively set out to target education facilities, or if this is a result of opportunistic activity targeting easy to find vulnerable devices, this is a worrisome trend.”

“Educational institutions face an uphill battle protecting and securing devices”

The migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service has altered the way organisations should think about security, Tenable® urged.

Education – together with healthcare, government and technology companies – proved to be valuable targets in 2021, and will “continue to be attractive to threat actors as we move into 2022”.

Any organisation that has not patched or mitigated threats such as ransomware remains at risk, Tenable research engineering manager, Scott Caveza said.

“Data continues to be valuable to attackers,” Caveza noted. “As our lives become more and more digitised, we continue to provide or be required to supply personal information to the companies we interact with.

“While we trust these organisations to properly protect our data, the risks of compromise continue to grow as threat actors look to leverage attacks for financial gain. Many organisations are forced to pay a ransom in order to recover access to data that they don’t have backups for.”

The UK’s National Cyber Security Centre noted in early 2021 that it had dealt with a “significant increase” in the number of attacks, while a 2020 survey of IT professionals at educational organisations indicated almost nine out of 10 believed they might have security gaps as the result of the rapid move to remote working.

Related articles

Still looking? Find by category:

Add your comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: All user contributions posted on this site are those of the user ONLY and NOT those of The PIE Ltd or its associated trademarks, websites and services. The PIE Ltd does not necessarily endorse, support, sanction, encourage, verify or agree with any comments, opinions or statements or other content provided by users.

To receive The PIE Weekly with our top stories and insights, and other updates from us, please