Why the Education Sector Needs to Get Better at Cyber Hygiene

  • By James Turgal
  • 02/12/25

As we enter the New Year, it hasn't taken long for the education sector to be hit by several high-profile cyber attacks, underscoring the growing threats facing this critical industry. One of the groups responsible for some of these attacks, known as FOG, is a relatively new player in the ransomware-as-a-service world. The group appeared in the wild in May 2024 and has built a reputation for targeting U.S.-based higher education institutions by exploiting compromised VPN credentials to gain access to sensitive systems. In fact, cybersecurity researchers at Arctic Wolf reported that 80% of all FOG's victims are in the education sector.

This rise in incidents highlights several important considerations that demand attention. First, it raises a critical question: Why aren't higher education institutions learning from the mistakes of their peers? Cyber attacks targeting educational institutions are not a new phenomenon. In recent years, ransomware groups and other bad actors have repeatedly exploited the sector. Despite the wealth of publicly available information about prior attacks and the TTPs (tactics, techniques, and procedures) used by cyber criminals, many institutions appear unprepared to protect their students, faculty, and endowments from cyber threats.

The second takeaway is that cyber criminals continue to exploit well-established attack vectors, such as phishing, unpatched systems, and compromised credentials to infiltrate systems and access sensitive data. These vulnerabilities could often be mitigated with the implementation of basic security best practices.

A Call to Action

The recent wave of cyber attacks targeting the education sector underscores the persistent vulnerabilities within higher education institutions and the urgent need for these organizations to get up to speed on cyber hygiene and prioritize a comprehensive approach to cybersecurity.

Historically, institutions have pointed to tight budgets, reliance on outdated technologies, and the necessity of maintaining an open and collaborative environment as barriers to robust cybersecurity. However, these challenges can no longer serve as acceptable excuses. The stakes are simply too high, with ransomware groups and other threat actors continuing to exploit weaknesses to access sensitive data, disrupt operations, and demand significant payouts.

Educational organizations must recognize that adopting a proactive cybersecurity posture is no longer an optional investment — it is an operational necessity. Fortunately, there are several fundamental cybersecurity controls and practices that institutions can implement quickly and cost-effectively to significantly strengthen their defenses. Here are 10 of the most impactful measures.

1) Regular Cybersecurity Awareness Training

Offer short, engaging, and frequent training sessions to ensure participants pay attention and retain the information long after the session ends. The curriculum should cover common threats, how to respond, and cyber hygiene best practices. Empowering individuals with knowledge can drastically reduce the success rate of attacks.

2) Incident Assessment Integration

Use recent cyber attacks targeting educational institutions as case studies during training. Analyze the incidents to draw actionable insights. This can enhance internal processes and help participants understand real-world applications of cybersecurity measures.

3) Foster a Proactive Cybersecurity Culture

Make cybersecurity awareness a shared responsibility across all levels of the organization — from administrators, operators, and IT teams to faculty, staff, and students. Help individuals understand their role in safeguarding digital assets, networks, and identities. A culture of accountability can inspire widespread adoption of best practices.

4) Strong Passwords and Multi-factor Authentication (MFA)

Strong and unique passwords are essential to protect higher education systems and data. The strongest passwords are at least 12 characters, made up of a combination of letters, numbers, and special characters. Complement passwords with MFA, which requires two forms of verification before granting system access, making it significantly harder for attackers to exploit stolen credentials.

5) Robust Backup Practices

Regularly back up critical data and store it in secure, offline locations. In the event of a ransomware attack or system failure, backups provide a lifeline for recovering data without paying ransom demands.

6) Enhanced Virtual Private Network (VPN) Security

As many institutions rely on VPNs, ensure they are secured with updated protocols, strong passwords, and MFA. This minimizes risks associated with remote access and prevents attackers from exploiting weak points.

7) Timely Software Updates and Patch Management

Promptly update systems, applications, and firmware to close known vulnerabilities that attackers often exploit. Implement automated updates whenever possible to prevent gaps between vulnerability discovery and patch deployment.

8) Network Segmentation

Isolate sensitive systems and data from broader network access to limit an attacker's ability to move laterally within the network during a breach. This measure reduces the scope and impact of the attack.

9) Data Encryption

Utilize encryption to protect sensitive information, including staff and student data as well as academic research. Encryption ensures that, even if data is intercepted, it remains unreadable without the proper decryption key.

10) Incident Response Plans

Develop and routinely test an incident response plan to enable swift and effective action in the event of a cyber incident. Regular simulations ensure that all stakeholders are prepared to minimize downtime and damage.

The fundamental principles of staying safe in a dynamic threat landscape remain unchanged. What must change is higher education institutions' willingness and commitment to embrace and implement them.

By drawing on lessons from past incidents, staying current with cybersecurity best practices, and implementing the above measures, higher education institutions can begin to close the vulnerabilities that ransomware groups like FOG exploit. These proactive steps not only enhance security but also safeguard the trust and reputation of educational organizations in an increasingly digital world.

Featured

  • geometric pattern features abstract icons of a dollar sign, graduation cap, and document

    Maricopa Community Colleges Adopts Platform to Combat Student Application Fraud

    In an effort to secure its admissions and financial processes, Maricopa Community Colleges has partnered with A.M. Simpkins and Associates (AMSA) to implement the company's S.A.F.E (Student Application Fraudulent Examination) across the district's 10 institutions.

  • stylized figures, resumes, a graduation cap, and a laptop interconnected with geometric shapes

    OpenAI to Launch AI-Powered Jobs Platform

    OpenAI announced it will launch an AI-powered hiring platform by mid-2026, directly competing with LinkedIn and Indeed in the professional networking and recruitment space. The company announced the initiative alongside an expanded certification program designed to verify AI skills for job seekers.

  • Abstract AI circuit board pattern

    New Nonprofit to Work Toward Safer, Truthful AI

    Turing Award-winning AI researcher Yoshua Bengio has launched LawZero, a new nonprofit aimed at developing AI systems that prioritize safety and truthfulness over autonomy.

  • hooded figure types on a laptop, with abstract manifesto-like posters taped to the wall behind them

    Hacktivism Is a Growing Threat to Higher Education

    In recent years, colleges and universities have faced an evolving array of cybersecurity challenges. But one threat is showing signs of becoming both more frequent and more politically charged: hacktivism.