Tag Archive for: education

Rising ransomware attacks on education demand defense readiness

/in


Key points:

Ransomware attacks continue to wreak havoc on the education sector, hitting 80 percent of lower education providers and 79 percent of higher education providers this year. That’s a significant increase from 56 percent and 64 percent in 2022, respectively.

As “target rich, cyber poor” institutions, schools store massive amounts of sensitive data, from intellectual property to the personal information of students and faculty. Outdated software, limited IT resources and other security weaknesses further heighten their risk exposure. In a ransomware attack, adversaries exploit these vulnerabilities to infiltrate the victim’s network and encrypt their data, effectively holding it hostage. After encryption, bad actors demand ransom payment in exchange for the decryption key required to retrieve their files.

But the ramifications of ransomware extend beyond the risk of data exposure and recovery costs; attacks can also result in downtime that disrupts learning for students. The impact of ransomware has grown so severe that the Biden Administration has even committed to providing ongoing assistance and resources to support schools in strengthening their cyber defenses.

So, while ransomware in the education sector isn’t a new phenomenon, the stakes remain high. And with both higher and lower education institutions reporting the highest rates of attacks among all industries surveyed in a recent study, the need for increased defense readiness in the education sector has never been more evident.

3 ransomware trends disrupting classrooms in 2023

Cybercriminals have refined the ransomware-as-a-service (RaaS) model in recent years, enabling adversaries to specialize in different stages of attack. Amid the current ransomware surge, IT and security leaders in education must remain aware of the evolving threat landscape so they can effectively safeguard their networks and systems.

Here are some trends from The State of Ransomware in Education 2023 report that demand attention now:

1. Adversaries are leveraging compromised credentials and exploited vulnerabilities. More than three-quarters (77 percent) of attacks against higher education…

Source…

Manufacturing and education are most targeted by malware

/in


The Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report says the increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure.

Deepen Dasai

“Weak enforcement of security standards for IoT device manufacturers coupled with the proliferation of shadow IoT devices at the enterprise level poses a significant threat to global organisations. Often, threat actors target ‘unmanaged and unpatched’ devices to gain an initial foothold into the environment,” said Deepen Desai, global CISO and head of security research at Zscaler.

He encourages organisations to enforce zero trust principles when securing IoT and OT devices – never trust, always verify, and assume breach. “Organisations can eliminate lateral movement risk by utilizing continuous discovery and monitoring processes to segment these devices,” he continued.

Consistent growth in attacks

With the steady adoption of IoT and personal connected devices, the report found an increase of over 400% in IoT malware attacks year-over-year. The growth in cyber threats demonstrates cyber criminals’ persistence and ability to adapt to evolving conditions in launching IoT malware attacks.

Additionally, research indicates that cybercriminals are targeting legacy vulnerabilities, with 34 of the 39 most popular IoT exploits specifically directed at vulnerabilities that have existed for over three years.

Source: Zscaler 2023

The Mirai and Gafgyt malware families continue to account for 66% of attack payloads, creating botnets from infected IoT devices that are then used to launch denial-of-service (DDoS) attacks against lucrative businesses.

Botnet-driven distributed DDoS attacks are responsible for billions of dollars in financial losses across industries around the globe. In addition, DDoS attacks pose a risk to OT by potentially disrupting critical industrial processes and even endangering human lives.

Industries favoured by attackers

Manufacturing and retail accounted for nearly 52% of IoT device traffic, with 3D…

Source…

3 ways to enable cyber resilience in education in 2023 and beyond

/in


Those of us with the privilege to work in education have an opportunity to shape the next generation to be more cyberaware and make our digital world a safer place. It’s an obligation we must all take seriously.

The threat environment is becoming more perilous, particularly with the growing use of artificial intelligence by hackers. The challenges coming our way in the future will best be met by a population that is informed, aware, and innately invested in cyber safety.

At the same time, cyber leaders at educational institutions today must deal with adversaries who increasingly view us as prime targets. Since institutions of higher education provide students, teachers, and researchers with full, unobstructed access to the resources they need, we’re vulnerable to all types of attacks. The challenge is exacerbated by the fact that our high-speed networks and powerful workstations provide fertile soil for botnets to spread harm broadly and quickly.

When cyber leaders in education view our most pressing challenges, it should be with the understanding that we’re not just practitioners–although that is of vital importance–but also teachers and role models. We need to practice what we preach, and we also need to preach what we practice.

As I look at today’s threat environment and the steps we can take to protect our institutions and provide guidance for the next generation, I see three key areas of opportunity:

  • Focusing on cyber wellness
  • Adopting a shared responsibility model
  • Embracing secure software development

Here’s why I think these three areas of focus are key to enabling cyber resilience in education in 2023 and beyond.

1. Cyber wellness

Cyber wellness comes down to common sense. It’s a mindset. But people need to be informed. They must understand that cyber safety is always a top priority, and you never let down your guard, not even for a moment. For example, say a student receives an email from a teacher or faculty. Do they know to check that the email address is legitimate? That the request makes sense? That it comes from the actual person making the request? This may seem simple, but it’s quickly becoming more difficult in the era of…

Source…

Deimos Calls for Bolstered Education for Cybersecurity Protection – Tech | Business

/in



Sifax

Advertisements

…Only 24% of Africa’s financial businesses believe they have sufficient resources to counter attacks.

Deimos, a leading African cloud-focused cybersecurity company, renowned for its pivotal role in cloud-native development and security operations, is sounding the alarm for an urgent need to bolster cybersecurity awareness and education across multiple sectors.

With a diverse clientele spanning the public sector, fintech, and e-commerce, Deimos is resolute on the critical importance of proactive security measures in safeguarding businesses against cloud security vulnerabilities.

Deimos prioritises automated security processes to reduce manual reviews and controls, mitigating human errors.

In Verizon’s 2023 Data Breach Investigations Report, they estimate that 74% of breaches involved the human element, which includes social engineering attacks, errors or misuse.

As remote and hybrid work is the new normal, businesses increasingly rely on cloud technology. Deimos sheds light on three vital methods engineering teams must apply to increase their cloud security:

  1. “Shifting left” – moving the security planning, design, and testing of key products earlier in the software development life cycle, rather than after release.
  2. “Defending right” – Implementing firewalls and intrusion detection systems to protect products from external threats.
  3. Utilising automated tools to establish guardrails before moving into production – such as static and dynamic application security testing, or package vulnerability scanning, to analyse source code, software packages, or web application respectively, for vulnerabilities. Utilising automated tools to establish guardrails before moving into production.

These protections are crucial for Africa’s fast-growing tech ecosystem which holds lucrative data and assets within the cloud, making unprepared businesses an attractive target for cybercriminals.

Each breach further impacts millions of Africans, across the continent and diaspora, and whilst cyber security solutions are readily available, many are not followed.

Deimos highlights the common pitfalls that startup organisations…

Source…