Education Cyber Attacks Shown in Numbers
It’s high time to discuss education cyber attacks. When it comes to cybercriminals, you can hardly find a field of human activity that has ever been neglected by them. The education sphere is no exception. Due to loads of critical data on students, their parents and staff members, educational organizations have become an attractive target and victims of increasing security breaches, information losses, and data manipulations.
As a rule, the sphere of education lacks appropriate protection and begs radical improvement. To make any changes in the strategy of protection, one has to dive into cause-and-effect relations between a breach and the state of security in an organization.
The first and foremost step in that process would be looking at the mistakes that were made and resulted in security incidents. This article reviews the history of security breaches in educational organizations and helps find out what kind of landscape has been formed over the last decade.
According to the “Just in Time Research: Data Breaches in Higher Education” by the EDUCAUSE Center for Analysis and Research (ECAR), during the period 2005–2014, Educational organizations took second place by the frequency of breaches – right after the healthcare organizations with 1,136 breaches. The report mentions 727 incidents in the sector of education that were made public. Such frequency of education cyber attacks does not correlate directly with the amount of stolen data. The most surprising fact is that the number of exposed records was the lowest in comparison with the losses of other sectors. By virtue of publicly visible information, the number of stolen records was 14,524,954, which amounted to about 1% of the total records compromised in other spheres. Furthermore, speaking about the breaches where the amount of stolen data is disclosed, the education sphere became the last place in terms of the number of records exposed per breach, which is some 27,500 records.
The main part of compromised organizations included higher education institutions. The dataset formed by the EDUCAUSE Center mentions 562 security incidents at 324 universities and colleges between 2005 and April 2014. This forms 77% of all the breaches in the education sphere. Total of 551 breach reports was made from 2005 to 2013 in colleges and universities, which means that the incident frequency rate was of about one attack per week.
As seen from the data provided by the EDUCAUSE Center, an average number of attacks on educational institutions per year was under a hundred. While the statistics presented by Verizon in their annual Data Breach Investigations Report covers only 2012 and 2013, the numbers of attacks per year also correlate with the ones given above. Visible changes became traceable starting from 2014. The number of reported breaches rose beyond 165 in 2014 and achieved the point of 254 in 2015.
In 2017, there were 393 reported security incidents in the educational sector, according to the report by Verizon.
Talking about the exact losses, security incidents in the field of education are often highlighted in the press with hundreds of records compromised. In 2015, malefactors managed to steal over 200,000 records with the results of CAT exams from the website of the Indian Institute of Management – Ahmedabad (IIM-A), and that is sadly not a surprising number for such attack. In a 2017 cyber attack, the Center for Election Systems at Kennesaw State University lost up to 7,500,000 records.
From such perspective, the future of security of educational institutions is sadly predictable and not quite gleeful. The total number of breaches has increased almost 15 times during five years from 2012 to 2017, which means that the number of incidents is not likely to decrease in the future. We cannot distract attackers from such a tempting target. Still, it is never too late to take care of the future security in advance.