Schools Admit Security Gaps

Schools have admitted to creating gaps in their security by rapidly transitioning to remote education in an attempt to slow the spread of COVID-19.

The admission was announced today by cybersecurity company Netwrix, as one of several additional findings from its "2020 Cyber Threats Report" that examined how the coronavirus pandemic and remote learning initiatives have changed the IT risk landscape. 

The report is based on a survey of 937 professionals around the world, 66 of whom worked in educational institutions.

An overwhelming majority of educational institutions (89%) admitted to having new holes in their security as a result of the swift shift to remote education. A third (33%) said that they are more vulnerable to cyber-threats now than they were before the global health pandemic. 

Both of these results were higher in educational institutions than they were in any other vertical analyzed, including banking and finance, healthcare, government, and technology. 

Nearly all (92%) educational institutions said that they consider improper data sharing to be a top security risk. This thinking is logical since 41% of respondents reported becoming victims of this type of security incident in the first few months of the pandemic, making it one of the most common threat scenarios experienced. 

Other types of incidents reported by educational establishments included phishing (50%) and administrator mistakes (31%). Every fourth educational organization had experienced misconfiguration of cloud services in the first few months of the pandemic.

Concern about malicious actions by rogue admins had dropped from 92% before COVID-19 hit to 9% afterward. While only 12% of educational institutions had experienced such incidents, they had resulted in the longest dwell time with 43% of respondents saying that it took weeks or months to detect the issue.

“To minimize the risk and impact of human errors, we recommend investing in security training and easy-to-use collaboration tools," said Ilia Sotnikov, VP of product management at Netwrix.

"The latter will eliminate the temptation to share sensitive records through unsanctioned solutions, while giving the IT team enough control and auditability. Also look for ways to leverage automation to augment the IT team’s efforts."

What’s Hot on Infosecurity Magazine?