Research: Compromised On-Premises Accounts Blamed in 75% of Attacks Targeting Education

In three of four cyberattacks targeting education institutions over the last 12 months, IT and security practitioners surveyed by cybersecurity vendor Netwrix cited compromised on-premises user or admin accounts as the attack pathway, according to a new report.

The 2023 Hybrid Security Trends – Education Findings report details findings from Netwrix’s survey of over 1,600 IT and security professionals, which included questions about educational institutions’ IT architecture and digital transformation progress.

Just over three-fourths of respondents said their organization uses a hybrid IT architecture, with 5% fully operating in the cloud. Of the remaining 18% education organizations whose IT systems are housed strictly on-premises, 68% said they plan to adopt cloud technologies moving forward, according to the report.

According to the report, 69% of education respondents said they suffered a cyberattack within the last 12 months, with the most common attack vectors being phishing and user account compromise, Netwrix. What's more, 3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

"Organizations in the education sector handle variety of accounts — staff, third-party contractors, educators, students, alumni — that have a high turnover rate. Even if identity management is automated, it is a challenge to keep users trained on security best practices because there is a continual supply of newcomers," said Dmitry Sotnikov, VP of Product Management at Netwrix. "In addition, students may lack experience in spotting phishing emails or fake websites asking for their credentials. To address these challenges, it is essential to mandate security training within the first few weeks and repeat it on a regular basis."

Netwrix urged IT managers to enforce strong password policies that prevent the use of weak and compromised passwords, require MFA, and adhere to the least-privilege principle.

Find the full survey results at Netwrix.com.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • central cloud platform connected to various AI icons—including a brain, robot, and network nodes

    Linux Foundation to Host Protocol for AI Agent Interoperability

    The Linux Foundation has announced it will host the Agent2Agent (A2A) protocol project, an open standard originally developed by Google to support secure communication and interoperability among AI agents.

  • laptop displaying a digital bookshelf of textbooks on its screen

    Collaboration Brings OpenStax Course Materials to Microsoft Learning Zone

    Open education resources provider OpenStax has partnered with Microsoft to integrate its digital library of 80 openly licensed titles into Microsoft Learning Zone, an on-device AI tool for generating interactive lessons and learning activities.

  • cybersecurity analyst in a modern operations center monitors multiple digital screens showing padlock icons, graphs, and a global map with security markers

    Louisiana State University Doubles Down on Larger Student-Run SOC

    In an effort to provide students with increased access to real-world cybersecurity experience, Louisiana State University has expanded its relationship with cybersecurity solutions provider TekStream to launch TigerSOC, a new student-run security operations center.

  • abstract pattern of cybersecurity, ai and cloud imagery

    OpenAI Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.