A number of educational institutions have recently fallen victim to cyberattacks, highlighting the need for increased awareness training for students and faculty. SC Media UK has discussed the trend. Last week, for example, Lancaster University in the UK announced that it had sustained a significant breach of student data after a phishing attack led to an attacker gaining administrative privileges. The hacker used the stolen information to craft fraudulent application invoices, which he then sent to applicants.
Two days prior to the discovery of the Lancaster breach, the US Department of Education warned that the application portals of 62 colleges in the United States had been exploited to create fraudulent student accounts. These accounts were subsequently used for unspecified criminal activities.
Kelvin Murray, a senior threat researcher at Webroot, told SC Media UK that the structure of universities makes them tempting targets, and it’s not just petty criminals who are interested in attacking them.
“Unfortunately, the sprawling nature of a college – with all their separate faculties and facilities – and the inevitable movement of data between departments makes IT admin and security difficult to implement and maintain,” Murray said. “Additionally, universities contain a wealth of valuable intellectual property which can be valuable to hackers, especially those acting on behalf of governments.”
Carl Wearn, head of e-crime at Mimecast, said that students are a prime target for these attacks, particularly during the summertime.
“During the summer many students are stressed and very busy completing time-sensitive applications to College or University and this renders them particularly vulnerable to phishing in relation to those applications,” Wearn told SC Media UK.
Murray advocated a defense-in-depth approach, with training, technology, and policy complementing each other.
“Security awareness training should be implemented for staff and students from day one, ensuring that they are vigilant in scrutinising the types of emails they receive,” Murray said. “This should be underpinned by cyber-security technology such as email filtering, anti-virus protection, and sensible password policies.”
Security technologies are essential, but they can’t stop every phishing attempt. Humans need to know how to recognize social engineering on their own, and new-school security awareness training is one of the best ways to give them this ability.