Netwrix, a vendor that delivers effective and accessible cybersecurity, surveyed 1,309 IT and security professionals globally and today released findings for the education sector based on the data collected.
It reveals that 77% of organizations in the education sector spotted a cyberattack on their infrastructure within the last 12 months, up from 69% in 2023. The most common attack vectors were similar to those among other industries: Phishing, user account compromise, and ransomware or other malware attacks.
In the education sector, almost half (47%) of organizations faced unplanned expenses to fix security gaps because of a security incident. Moreover, one in seven of those organizations incurred compliance fines, and each tenth reported changes in senior leadership and lawsuits.
“An incident can reveal security gaps such as excessive admin privileges, dormant accounts, weak or unchanged passwords, default passwords or configurations, and unpatched systems due to negligence or lack of knowledge. Fixing a gap might not immediately require spending additional money but will definitely require time from the IT security team. In other words, addressing the root cause of a security incident results in additional investment, in either money or effort, or both,” says Dirk Schrader, VP of Security Research and Field CISO EMEA at Netwrix.
“In the aftermath of a breach, organizations must prioritize remediation steps to reduce risks moving forward. For example, the immediate response may include patching software on the most critical servers and adding a manual review step on certain operations. Longer-term remediation may have to wait for the next budget cycle and require additional software, services engagement, or headcount,” says Ilia Sotnikov, Security Strategist at Netwrix.
Learn more about how the education sector can ensure data security here.