Add as a preferred source on Google


Education Accounts for 7.3% of Cybersecurity Incidents Across Industries in 2022, Up from 2.8% in 2021

  • By Kate Lucariello
  • 03/01/23

IBM Security, releasing its annual X-Force Threat Intelligence Index for 2023, noted that education, sixth on the list of 10 industries analyzed, jumped from 2.8% of all incidents in 2021 to 7.3% in 2022. The company noted it changed how it examined some of its data to give a more insightful and helpful picture of cybersecurity threats. Key threat highlights in the report include backdoor activity, extortion, phishing, and hacktivism/malware.

Across industries in 2022, extortion attacks accounted for 27% of incidents, deployment of backdoor access 21%, and ransomware attacks 17%. Although there was a 52% drop in phishing seeking credit card data, overall 41% of initial access incidents involved phishing, IBM said, with 62% of those using spear fishing attachment tactics.

In education alone, IBM Security X-Force responded to the following attacks:

  • Exploitation of public-facing applications on initial access (42% of incidents);
  • Spear fishing attachments (25%);
  • Data theft, extortion, and reconnaissance impacts (25% each);
  • Backdoor attacks (20%);
  • Ransomware, adware, and spam (13% each); and
  • Phishing (through service, link, and valid cloud and local account abuse) (8% each).

The company noted that the highest number of attacks were directed at Asia-Pacific areas (67%), followed by North America (27%) and Latin America (6%).

IBM Security gave several recommendations: Manage critical data assets to reduce exposure to attack; include source code, credentials, and other data that could already be out on the web in asset management programs; immediately act on threat intelligence; be prepared for attacks with flexible incident response plans; and have a reputable and competent IR vendor on retainer to help plan, test, and enact incident responses.

"Attacks are inevitable; failure doesn't have to be," the report concluded. "Organizations should develop incident response plans customized for their environment."

To read keynotes of the report, watch video discussions of specific insights, and register to download the report, visit the Threat Intelligence Index 2023 page.

IBM Security X-Force is a team of hackers, responders, researchers, and analysts who provide cybersecurity services. To learn more, visit the X-Force page.

About the Author

Kate Lucariello is a former newspaper editor, EAST Lab high school teacher and college English teacher.

Featured

  • Hand holding a stylus over a tablet with futuristic risk management icons

    Why Universities Are Ransomware's Easy Target: Lessons from the 23% Surge

    Academic environments face heightened risk because their collaboration-driven environments are inherently open, making them more susceptible to attack, while the high-value research data they hold makes them an especially attractive target. The question is not if this data will be targeted, but whether universities can defend it swiftly enough against increasingly AI-powered threats.

  • hand typing on laptop with security and email icons

    Copilot Gets Expanded Role in Office, Outlook, and Security

    Microsoft has doubled down on its Copilot strategy, announcing new agents and capabilities that bring deeper intelligence and automation to everyday workflows in Microsoft 365.

  • Graduation cap resting on electronic circuit board

    Preparing Workplace-Ready Graduates in the Age of AI

    Artificial intelligence is transforming workplaces and emerging as an essential tool for employees across industries. The dilemma: Universities must ensure graduates are prepared to use AI in their daily lives without diluting the interpersonal, problem-solving, and decision-making skills that businesses rely on.

  • business man using smart phone in office

    Microsoft Copilot Adds Voice Commands, Teams Collaboration, Local Data Processing

    Microsoft has introduced new features within its Microsoft 365 Copilot offering, aimed at making further foothold in the enterprise, including voice-based interaction, group collaboration tools, and an expansion of in-country data processing.