Education sector hounded by cyber attacks in 2021

The education and research sector recorded a 75 per cent year-on-year increase in cyber attacks as the move to working from home enlarged the attack surface and opened up new vulnerabilities.
Maya Horowitz (Check Point Software)

Maya Horowitz (Check Point Software)

Education and research were the top targets for cyber attackers in 2021, with an average of 1605 attacks per organisation per week, a 75 per cent increase from 2020, according to research by Check Point Software Technologies.

"In a year that began with the fallout from one of the most devastating supply chain attacks in history, we’ve seen threat actors grow in confidence and sophistication,” said Maya Horowitz, vice president of Research at Check Point. “This culminated in the Log4j vulnerability exploit which, yet again, caught the security community off-guard and brought to the fore the sheer level of risk inherent in software supply chains.

"In the months between, we saw cloud services under attack, threat actors increasing their focus on mobile devices, the Colonial Pipeline held to ransom, and the resurgence of one of the most dangerous botnets in history."

Pandemic’s push for digital invites threats

The COVID-19 pandemic has pushed staff in businesses and education to work from home. The resulting need for digital skills and online courses has boosted the digital education market, creating opportunities for study but also for cyber threats.

A major shift to distance learning and the fact that online education organisations have a huge number of non-employees accessing their systems from remote locations widens the exposure, elevating risks, according to Omer Dembinsky, data research manager at Check Point.

Following closely behind the education sector is the government and military sector which registered 1136 attacks per organisation per week in 2021, a 47 per cent increase from the previous year. Government has always been a major target for such attacks owing to the sensitivity of its undertakings. The shift by governments worldwide to providing services to citizens online created another target.

Third on the list is the communication industry, logging 1079 attacks weekly per organisation, 51 per cent higher than last year.

Constellation Research analyst Liz Miller sees the education sector as an easy target for bad actors as it has not prioritised cyber security, while the pandemic “forced educators into being accidental CIOs” as they sought to move teachers, staff, and students onto new technologies from home. 

“Ransomware attackers also understood that schools needed to operate and were not getting as much attention for critical updates and heightened security postures as, say, hospitals or medical institutions,” she said.

Top attacks: Log4j vulnerability, ransomware

In 2021, there was a 50 per cent overall jump in cyber attacks, says Check Point’s Dembinsky.

“Although the increase was really across the board, in December the added attacks attributed to Log4j vulnerabilities indeed helped push the numbers up. There has also been a 57 per cent increase in ransomware impact on corporate networks and 59 per cent in info stealers,” he said. 

Check Point found that there were millions of attacks per hour attempting to exploit the Log4j vulnerability, in November and December 2021.

Log4j is a free, open-source logging framework developed by Apache logging services, used widely by vendors including AWS, Apple iCloud, IBM, Cisco, Cloudflare, Microsoft, Minecraft, and VMWare, among others. 

The recently discovered vulnerability allows attackers to execute malicious code remotely on a target computer running the framework. It was first found and reported by Chen Zhaojun of the Alibaba Cloud Security Team on 24 November 2021 and has since been fixed with successive patches.

Other key findings of the Check Point report included Africa being the most attacked region in 2021 with 1582 attacks per organisation per week, up by 13 per cent against 2020, followed by Asia-Pacific with 1353 attacks and a 25 per cent increase.

Top defences: partnering on privacy, and employee education

Analysts and researchers have some suggestions for corporate leaders and security officers to deal with the constant rise in attacks.

Constellation’s Miller recommends trying to “find champions in colleagues rather than your usual IT and technology guys,” to partner up in strengthening the security agenda. 

“I am a huge advocate for a tight alignment and partnership between the CISO and the chief marketing officer,” she says. “A partnership here turns security conversations into brand security conversations where issues like privacy become a strategic value for the organisation and not just an operational checklist of compliance.”

Understanding the different layers of software and networks with timely checks on updates and patches can prove critical while arming against attacks, according to Miller.

Check Point’s report suggests a security architecture delivering a unified protection infrastructure with comprehensive and faster protection, as opposed to a scattered infrastructure with pieces that either don’t work together or take awfully long. It also recommends maintaining proper security hygiene, which includes patching, network segmentation, employee education, and implementing state-of-the-art security technology.