Check Point Research: Education sector sees 29% increase in attacks against organizations globally

• Check Point Research (CPR) observes a steady increase in the average number of cyberattacks per organization weekly, with the education/research sector showing a higher number of attacks than other sectors
• In July 2021, there was a 29% increase in attacks against organizations in the education sector compared to H121
• By region, organizations in education/research sector in South Asia most targeted, followed by East Asia and ANZ
• By country, Indian education organizations are the most targeted, followed by those in Italy and Israel

Check Point Research (CPR) today reports that since mid-2020, we are seeing a steady increase in the weekly number of cyberattacks per organization globally, with the education/research sector being impacted at a higher rate than others.

In 2020, the COVID-19 pandemic forced organizations to pivot suddenly to a mostly remote workforce. Within a matter of weeks, organizations that had no existing telework programs needed to adapt and update their infrastructure so that their employees, partners and users could work from home. It is now mid-2021, and the end of the pandemic is nowhere in sight, with organizations in many sectors having to deal with an increasingly active and complex threat landscape.

In particular, organizations in the education and research sector are finding themselves engaged in a cyber security battle like never before. This includes schools, universities and research facilities. Most recently, the Department of Education in Australia’s New South Wales reported that it experienced a cyberattack which resulted in many of their online platforms shutting down, just days before remote learning was to commence in the new school term.

In fact, in July 2021, education/research was the sector that experienced the highest volume of attacks, with an average of 1,739 attacks per organization weekly. This was a 29% increase from the first half of 2021. The only sector which made a higher change from the first half of 2021 was Leisure, at 51%, as one might expect during the summer months.

Figure 1: Weekly average number of attacks per organization globally – education sector vs other sectors (2020 – 2021)

India, Italy, Israel are the most targeted countries in education sector

By country, in July 2021, organizations in the education/research sector in India experienced the highest volume of attacks with an average of 5,196 attacks weekly per organization. This is a 22% increase from the first half of 2021.

This is followed by Italy, which had an average of 5,016 attacks weekly per organization (70% increase); Israel, with 4,011 attacks weekly (51% increase); and Australia, with 3,934 attacks weekly (17% increase). In Figure 2, we can see an increase in the number of attacks weekly per organization compared to the first half of the year in various countries.

Figure 2: Weekly attacks per organizations by country (July 2021 compared to first half of 2021)

In more than half of the countries in the list, education/research is the most attacked sector and in 94% of them, it is in the top 3 most attacked sectors.

By region, organizations in the education/research sector in South Asia currently experience the highest volume of attacks, as seen in Figure 3, with an average of 5,084 attacks weekly per organization. This is a 23% increase compared to the first half of the year. This is followed by East Asia with 3,873 attacks (79% increase) and ANZ with 3,684 attacks (17% increase).

Figure 3: Average weekly number of attacks on organizations in the education/research sector by region

Tips for academia, staff and students to stay protected

• Passwords matter:it is a good idea to review and strengthen passwords that you use for logging onto remote resources, such as email or work applications.
• Be phishing-aware:be wary of clicking on links that look in any way suspicious and only download content from reliable sources that can be verified. Remember that phishing schemes are a form of social engineering so if you receive an email with an unusual request, check the sender’s details carefully to make sure that you are communicating with colleagues, not cyber criminals.
• Reduce attack surface: A common approach in information security is to reduce the attack surface. For endpoints, you need to take full control of peripherals, applications, network traffic, and your data. You need to encrypt data when it is in motion, at rest, and in use. It is also important to make sure you enforce your corporate policies to achieve endpoint security compliance
• Anti-ransomware technology allows you to detect signs of ransomware and uncover running mutations of known and unknown malware families by using behavioral analysis and generic rules
• Contain and remediate: Contain attacks and control damage by detecting and blocking command and control traffic and prevent the lateral movement of malware by isolating infected machines. You can then remediate and sterilize your environment by restoring encrypted files, quarantining files, kill processes, and sterilizing the full attack chain.

Today more than ever, endpoint security plays a critical role in enabling your remote workforce. Harmony Endpoint provides comprehensive endpoint protection at the highest security level, crucial to avoid security breaches and data compromise.