Combating cyber security threats in educational institutions

Written by Natalie Trotter

Cyber-attacks within educational institutions have been growing in frequency over the years, and COVID-19 further exacerbated this problem because the rapid transition to remote learning took place without adequate network security measures. Hybrid learning was adopted so quickly, moving from pen and paper to Zoom and laptops, that security professionals were unable to respond fast enough to protect against ever-growing vulnerabilities. According to Check Point Research, the Education/Research sector experienced the highest worldwide volumes of attacks every month from 2021 continuously into 2022 [1].

Due to limited funding, the industry is not able to utilise cutting-edge technology or compete with private sector salaries and budgets for security. The sector supports vast numbers of endpoints (computers) accessing IT infrastructure, and it is therefore unsurprising that SecurityScorecard noted education as the least secure industry with the highest number of vulnerabilities present [2].

Educational computer networks have been under constant threat and attack, with information lost or rendered inaccessible. Cyber-attacks against universities or schools impact their operations and financial position and create reputational damage. Such events also increase stress for the staff and students impacted, and the safety of students is compromised.

Educational institutions are targeted because they are perceived to be easy targets from a security perspective. They hold a wealth of personally identifiable information (PII) on students, faculty, staff, donors and partners, as well as intellectual property. All of this data has value when exfiltrated, as it can be sold on the dark web, or it can be encrypted and held to ransom for decryption keys. When cybercriminals undertake a ransomware attack and hold data to ransom, it creates downtime, disruption, reputational damage and financial losses. To illustrate this point, in May 2022, Lincoln College (Illinois) was forced to close its doors, after 157 years of teaching, because of COVID-19 and a devastating cyber-attack [3].

Education has annual peak-period operational needs, for example exams and clearing through to onboarding. In June 2022, Tenafly Public Schools were forced back to basic learning methods and exams were postponed because of a cyber-attack that left their technical processes inoperable.

Human exploitation is a significant weakness in any organisation. In this sense we are talking about third parties exploiting weaknesses in human behaviour.

Spoof emails are cleverly designed to trick employees and students into clicking on links, opening attachments or entering credentials so that data or money can be stolen, leaving them an easy target for cyber criminals.
Email fraud is generally a big problem, and many educational establishments are not implementing simple email authentication practices to prevent domain spoofing. 97% of the top 10 Universities in the country are not taking even the most basic effective measures to protect their email domains, increasing the risk of email fraud [4]. This contradicts statistics from a Government Cyber Security Breaches Survey where 73% of higher education institutions believed they were likely to identify spoofing and similar fraudulent communications [5].

Examples of cyber security threats to educational institutions

Denial of Service attack (DDoS)

A malicious programme designed to disrupt a targeted server, service, or network by overwhelming the target or its surrounding infrastructure, bringing the server, service, or network down. This is a high risk to any educational institution during peak operational periods (annual exams, clearing to onboarding).


Phishing

Exploiting human error through phishing emails (often containing false information and requests or malicious links). Emails remain the most common method of security compromises across all industries.


Ransomware

A network attack where all data on the network is encrypted and rendered unreadable and unusable. A ransom is demanded for decryption keys.

Senior Management

86% of the respondents to a higher education JISC survey [6] felt that cyber security is a strategic priority for senior managers in education. Cyber security cannot be seen as being the sole responsibility of an IT department, as it is up to senior management to facilitate funds for tools and the resources required to keep educational establishments safe, online and operational.

How Can Educational Institutions Address Cybersecurity Issues?

Technical controls

Asset management, antivirus protection, patch management and regular system testing and monitoring are essential. Vulnerability scans and penetration testing must be completed frequently to ensure gaps and vulnerabilities in security are identified and closed.

Outsourcing security

With the challenge of private sector salaries, skills shortages, and the increasing cost of developing, implementing, and managing the latest cyber security controls, utilising outsourced security providers can be beneficial to educational institutions. Endpoint monitoring 24 hours a day, 365 days a year through a professional Security Operations Services provider staffed by cyber security experts is a cost-effective and efficient way to outsource the security elements of an educational institution’s network.

Staff training

Basic but essential. According to the UK Government Cyber Security Breaches Survey, just 73% of higher education and 66% of further education organisations have implemented compulsory security awareness training for staff. Testing the training to ensure staff understand and adhere to best practices is an essential part of security.
