Research: Compromised On-Premises Accounts Blamed in 75% of Attacks Targeting Education

In three of four cyberattacks targeting education institutions over the last 12 months, IT and security practitioners surveyed by cybersecurity vendor Netwrix cited compromised on-premises user or admin accounts as the attack pathway, according to a new report.

The 2023 Hybrid Security Trends – Education Findings report details findings from Netwrix’s survey of over 1,600 IT and security professionals, which included questions about educational institutions’ IT architecture and digital transformation progress.

Just over three-fourths of respondents said their organization uses a hybrid IT architecture, with 5% fully operating in the cloud. Of the remaining 18% education organizations whose IT systems are housed strictly on-premises, 68% said they plan to adopt cloud technologies moving forward, according to the report.

According to the report, 69% of education respondents said they suffered a cyberattack within the last 12 months, with the most common attack vectors being phishing and user account compromise, Netwrix. What's more, 3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

"Organizations in the education sector handle variety of accounts — staff, third-party contractors, educators, students, alumni — that have a high turnover rate. Even if identity management is automated, it is a challenge to keep users trained on security best practices because there is a continual supply of newcomers," said Dmitry Sotnikov, VP of Product Management at Netwrix. "In addition, students may lack experience in spotting phishing emails or fake websites asking for their credentials. To address these challenges, it is essential to mandate security training within the first few weeks and repeat it on a regular basis."

Netwrix urged IT managers to enforce strong password policies that prevent the use of weak and compromised passwords, require MFA, and adhere to the least-privilege principle.

Find the full survey results at Netwrix.com.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • glowing blue nodes connected by thin lines in an abstract network on a dark gray to black gradient background

    Report: Generative AI Taking Over SD-WAN Management

    In a few years, nearly three quarters of network operators will use generative AI for SD-WAN management, according to a new report from research firm Gartner.

  • abstract pattern with interconnected blue nodes and lines forming neural network shapes, overlaid with semi-transparent bars and circular data points

    Data, AI Lead Educause Top 10 List for 2025

    Educause recently released its annual Top 10 list of the most important technology issues facing colleges and universities in the coming year, with a familiar trio leading the bunch: data, analytics, and AI. But the report presents these critical technologies through a new lens: restoring trust in higher education.

  • abstract image representing AI tools for reading and writing

    McGraw Hill Introduces 2 Gen AI Learning Tools

    Global education company McGraw Hill has added two new generative AI tools to help personalize learning experiences for both K–12 and higher ed students, according to a news release.

  • abstract image of fragmented, floating geometric shapes with holographic lock icons and encrypted code, set against a dark, glitchy background with intersecting circuits and swirling light trails

    Education Sector a Top Target for Mobile Malware Attacks

    Mobile and IoT/OT cyber threats continue to grow in number and complexity, becoming more targeted and sophisticated, according to a new report from Zscaler.