WatchGuard Blog

Universities take 207 days to detect a data breach

Although cyberattacks on higher education institutions date back years, there has been a spike in university cyberattacks over the last two years. Cybercriminals have taken advantage of the rapid transition to hybrid learning, which higher education institutions were forced to implement before they had time to strengthen their cybersecurity, leaving most of them exposed. This is yet another example of accelerated adoption of new technologies before security measures are in place.

In 2021 there were 1,241 reported incidents in the education sector, of which 282 resulted in a confirmed data breach, with external threats accounting for 75% of these breaches, according to a Verizon survey. Over the last year, data security breaches rose by 30% compared to the previous year. Another interesting finding from this report is that 34% of the errors in higher education resulted from an email sent to the wrong person or with the wrong attachment.

The cost of a data breach in universities

The average cost of a data breach at a higher education institution is around $3.86 million, as revealed in IBM's "Cost of data breach" report. Universities can take around 207 days to detect that they are experiencing a breach and a further 70 days to contain the breach. The longer it takes to detect the attack, the higher the cost of the incident. The main attack vectors hackers use to access higher education institution networks are as follows:

  • Compromised credentials
  • Phishing
  • Cloud misconfiguration
  • Vulnerabilities in third-party software

How to protect hybrid education institutions from cyberattacks

In the post-pandemic era, it is essential that educational institutions, especially universities, continue the digital transformation. But, to do it right and avoid cybersecurity threats, institutions must put students and faculty, i.e., users, at the center of the process. So, if they are aiming to provide secure hybrid education, they need to take the following steps: 

  • Have network visibility: Universities need to have visibility across their networks so that they can detect and block potential intrusions in the traffic. Using technologies such as firewalls, data loss prevention solutions, and domain name system (DNS) filtering can help in this task.
  • Assess system vulnerabilities: Identifying weaknesses in the network is of utmost importance when it comes to containing cybercriminals who seek to exploit potential security holes. This will enable institutions to deploy patches where necessary. 
  • Use software-defined wide area network (SD-WAN): This virtual WAN architecture enables universities to reduce the risk of outages and data loss by using a centralized control function to route traffic securely and intelligently across the WAN and directly to applications. This also enables them to connect legacy hardware and software to SD-WAN networks and dynamically optimize network traffic as needed, reducing latency.
  • Protect student, academic, and administrative staff identities: Establishing user access control to applications and data, deploying multi-factor authentication (MFA) to secure credentials, and enforcing password management policies ensure a secure digital experience for users.
  • Provide secure Wi-Fi on campus: To guard against known and unknown threats, universities must deploy Wi-Fi networks that provide automatic protection, facilitate integrated security through centralized management, and provide full visibility into wireless ecosystems.

The evolution of higher education will continue to impact the educational experience and quality offered to students and faculty. 

The eBook Cybersecurity in Higher Education: Enabling Secure Hybrid Learning outlines the most common security incidents and vulnerabilities affecting universities and describes how these events influence the IT priorities of these institutions. It is possible to safeguard the mission of educational institutions if they are aware that modern technologies can protect their cyberspace and thus create a secure digital ecosystem for users.