Cyberthreats in education sector growing says NTT report

K-12 schools in America face various application security threats, but can take various steps to guard against cyberattacks, NTT research finds.

Accelerated online learning environments and increasing rates of ransomware and phishing attacks against K-12 schools in America are creating unique cybersecurity challenges for the education sector, according to the September 2021 “AppSec Stats Flash” report from global technology provider NTT.

The report found three key takeaways: 

  1. Applications within the Education Sector Have a 57 Percent Window of Exposure (WoE) Rate: WoE represents the amount of time that an application has a serious vulnerability that can be exploited to cause data breaches, NTT stated. The education sector’s WoE rate is improving, and this can be attributed to the fact that many schools are focused on fixing vulnerabilities within their web applications. Also, education has one of the best WoE rates (less than one month) across all sectors.
  2. Information Leakage Is the Most Common Vulnerability Among Schools: Information leakage ranked first in terms of vulnerability classes identified between June 1, 2021 and Sept. 1, 2021, followed by insufficient session expiration, cross-site scripting, insufficient transport layer protection and content spoofing.
  3. On Average, It Takes Approximately 206 Days to Fix a Critical Vulnerability in Education: It takes an average school about 206 days to fix a critical vulnerability, NTT reported. In addition, the remediation rate for critical vulnerabilities is 34 percent; comparatively, this rate is 46 percent across all industries.

An NTT spokesperson said: "Our Application Security research team focused on cyberthreats targeting education applications as security concerns in that sector continue to grow. Accelerated online learning environments due to the pandemic and considerable rates of ransomware and phishing attacks against K-12 schools have increased focus on the unique cybersecurity challenges these organisations face.

"According to a report released by the K-12 Cybersecurity Resource Centre during the calendar year 2020, the K-12 Cyber Incident Map catalogued 408 publicly-disclosed school incidents, including student and staff data breaches, ransomware and other malware outbreaks, phishing attacks and other social engineering scams, denial-of-service attacks, and a wide variety of other incidents. This is 18 percent more incidents than were publicly-disclosed during the prior calendar year and equates to a rate of more than two incidents per school day over the course of 2020."

The report concluded that organisations in the education sector are hyper-focused on fixing critical vulnerabilities within their critical web applications. This approach seems to be working, as the sector’s otherwise stable Window of Exposure metrics are now improving, but cybersecurity remains a top concern for organisations across the education sector.

NTT said there are many things that schools can do to guard against application security vulnerabilities, including:

  • Tracking application security vulnerabilities.
  • Educating their software teams to eradicate vulnerabilities from their applications.
  • Monitoring the average time to fix critical and high-severity vulnerabilities.
  • Exploring ways to improve WoE and the overall security posture of applications.