Morphisec Education Cybersecurity Threat Index
"With the technology tools and devices being used for distance learning programs changing day-to-day, remote IT teams are faced with a daunting challenge to protect both students and educators from cyberattacks. The situation begs for the use of more proactive advanced threat protection."
BE’ER SHEVA, Israel and BOSTON (PRWEB) September 01, 2020
Fifty-two percent of K-12 educators in the U.S. say their school has not warned them about the dangers of ransomware as they prepare to scale remote learning in the fall, according to the Education Cybersecurity Threat Index released today by Morphisec, the leader in Advanced Threat Prevention. In addition, more than one-in-five (21%) educators within colleges and universities say their institution has already been the victim of a cyberattack since the onset of COVID-19.
Morphisec’s Education Cybersecurity Threat Index surveyed 500 teachers and administrators across the U.S. in July 2020. Of those surveyed, 67% worked within K-12, 24% worked within Higher Education, and 9% worked within other education institutions (e.g., private and alternative education). As many teachers and their students commence the academic year fully remote, including 17 of the 20 largest K-12 school districts, and thousands of universities, most have grown reliant on third-party technology vendors and video conference applications with widely reported security vulnerabilities. Morphisec Labs researchers discovered one such flaw in the Zoom application in April that enabled threat actors to record Zoom sessions without the participants’ knowledge.
In particular, ransomware has become a worrying threat to nearly all organizations, with demand costs already exceeding $1.4 billion in the U.S. in 2020. Despite this and the threat it poses in denying access to remote learning, just 13% of educators say it presents the most significant cybersecurity risk. Educators across all institutions do note that COVID-19 has mandated more dialogue on cybersecurity with parents (33%), and 31% admit it has created new cybersecurity vulnerabilities for their school. Meanwhile, just 27% of K-12 educators are using antivirus software, and only 11% say they are currently using a VPN.
Even before learning moved entirely online, many K-12 schools were dealing with a lack of dedicated funding and resources to help them vet and improve their cybersecurity defenses. And as a result, many failed to employ proper security protocols and left vulnerabilities unpatched. Now, as their dependency on third-party technology vendors grows, and IT teams are forced to operate remotely, they’re increasingly exposed.
Additional highlights from Morphisec’s Education Cybersecurity Threat Index:
- More than a third (34%) of educators at colleges and universities say their institution has historically been the target of a cybersecurity attack. This compares to 26% of K-12 educators who report the same.
- 69% of educators say they are using video tools to improve their teaching and productivity as they move to distance learning. In addition to video conferencing and leveraging their learning management systems (33%) for going remote, collaboration platforms (32%) are also being leveraged for distancing learning communication.
- When asked how COVID-19, online learning, and remote teaching has impacted cybersecurity at their school or institution, most respondents (39%) said the most significant impact was that it forced their IT teams to work remotely.
- Likely influenced by the recent Twitter attack and government warnings, educators recognize the substantial threat phishing attacks pose to their schools. A third of educators said these types of attacks represent the most danger to their education institution as it scales online learning, while 28% say spyware is the most dangerous threat.
“As the majority of students head back to school remotely this fall, the education industry’s attack surface has been stretched thin and placed firmly in the crosshairs of cyber attackers,” said Andrew Homer, VP of Security Strategy at Morphisec. “With the technology tools and devices being used for distance learning programs changing day-to-day, remote IT teams are faced with a daunting challenge to protect both students and educators. The situation begs for the use of more proactive advanced threat protection that can thwart even the most dangerous ransomware and ensures access to the IT systems powering remote learning during this critical period stays active and in good hands.”
Download the full Morphisec Education Cybersecurity Threat Index here.
About Morphisec
Morphisec delivers an entirely new level of endpoint security for any business with its Moving Target Defense-powered Guard and Shield products. Moving Target Defense places defenders in a prevent-first posture against the most advanced threats to the enterprise, including APTs, zero-days, ransomware, evasive fileless attacks and web-borne exploits. Morphisec provides a crucial, small-footprint memory-defense layer that easily deploys into a company’s existing security infrastructure to form a simple, highly effective, cost-efficient prevention stack that is truly disruptive to today’s existing cybersecurity model.