Cybersecurity in Tertiary Education: An Increasingly Pressing Concern

When we think about industries that cybercriminals might target, tertiary education probably isn’t the first to come to mind. However, recent findings from Microsoft’s Cyber Signals report reveal a startling reality: education was the third most targeted industry in the second quarter of this year. The combination of valuable data and inherent vulnerabilities within educational systems has attracted various attackers, from those employing sophisticated malware techniques to nation-state actors engaged in traditional espionage.

The Vulnerability of Tertiary Institutions in Africa

This issue is particularly concerning for tertiary institutions in Africa, which has emerged as one of the most targeted regions globally for cyberattacks. A recent study of 60 Kenyan universities highlighted that many of these institutions are grappling with frequent hacks while simultaneously lacking adequate cybersecurity policies and controls. This includes deficiencies in organizational, human, physical, and technological resources.

For instance, a prominent Moroccan university faced a significant security breach last year involving its master’s degree nomination platform. Similarly, a private university in Nigeria had its website completely overtaken by hackers. These incidents underscore a troubling trend: the education sector’s vulnerabilities have not gone unnoticed by cybercriminals.

The Scale of the Threat

According to the Cyber Signals report, over 15,000 emails containing malicious QR codes were sent daily to the education sector using Microsoft Office 365 email in the past year alone. This statistic highlights the targeted and persistent nature of these threats, emphasizing the urgent need for educational institutions to bolster their cybersecurity measures.

Why Are Hackers Targeting Education?

Several factors contribute to the education sector’s attractiveness to hackers:

1. Diverse User Base: Universities host a wide range of users, including students, faculty, and administrative staff. This diversity creates a complex environment that can be challenging to secure.

2. Open and Dynamic Environments: The open nature of university environments, characterized by frequent activities and international students, makes them particularly vulnerable to cyberattacks. The need for accessibility often leads to relaxed security protocols.

3. Email Systems: Educational institutions often have less stringent email security measures. The volume of emails creates noise in the system, making it difficult to implement effective controls while remaining accessible to alumni, donors, and external collaborators.

4. Remote Learning Challenges: The rise of virtual and remote learning has extended educational applications into homes and offices, often involving personal and shared devices that are unmanaged. Students, who may not be well-versed in cybersecurity, can inadvertently expose their devices to risks.

5. Legacy Infrastructure: Many tertiary institutions face funding and operational challenges, leading to a reliance on outdated IT systems alongside newer technologies. This patchwork of infrastructure complicates cybersecurity efforts and increases vulnerability.

6. Valuable Intellectual Property: Universities are hubs for valuable intellectual property and cutting-edge research, often collaborating with government agencies. This makes them attractive targets for attackers seeking to steal sensitive data.

Strengthening Cybersecurity Measures

While enhancing cybersecurity can seem daunting and costly for educational institutions, there are actionable steps they can take to protect themselves:

Understanding the Threat Landscape

A clear understanding of the threat environment is crucial. Reports like Cyber Signals serve as invaluable resources for chief information security officers and their teams, helping them refine technologies, policies, and processes. These reports provide insights into current threats and the tactics employed by cybercriminals.

Promoting Cyber Hygiene

Maintaining strong cyber hygiene is essential. Raising awareness of security risks and promoting good practices among students, faculty, staff, and administrators can help create a safer environment.

Centralizing Technology

IT and security professionals in education should consider centralizing their technology setups. This approach can facilitate more effective monitoring of activities and easier identification of vulnerabilities.

Implementing Protective Measures

The Cyber Signals report recommends using protective domain name service (PDNS), a free tool that can help block access to harmful websites, thereby preventing ransomware and other cyberattacks. Additionally, enforcing strong passwords and implementing multifactor authentication can significantly reduce the risk of password spray attacks.

Leveraging AI Tools

For under-resourced IT teams, tools like Microsoft Copilot for Security can enhance the efficiency and capabilities of security defenders. This AI-powered solution supports professionals in various scenarios, including incident response and threat hunting.

Educating the Community

It is vital for universities to educate students and staff about good security habits. Encouraging the use of multifactor authentication or passwordless options can dramatically reduce the likelihood of account hacks.

Conclusion: Building a Culture of Security

By implementing stronger defenses and proactive measures, universities can better equip themselves to fend off the increasing threats to their sensitive data and groundbreaking research. Building a solid security posture is not solely about technology; it also involves fostering a culture of vigilance and preparedness against potential attacks.

Investing in these measures now will not only safeguard valuable assets but also ensure that critical educational work continues without disruption. As Phyllis Migwi, Country General Manager of Microsoft Kenya, emphasizes, the commitment to security is paramount in maintaining the trust placed in educational institutions.

For more insights and updates on cybersecurity in education, follow us on Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to stay informed about future developments.