Cyber security and compliance firm Proofpoint Inc has released new research suggesting that 97% of top universities globally lag behind on basic cybersecurity measures.
This means they are potentially exposing students, staff and stakeholders to a greater risk of email-based impersonation attacks.
Educational institutions are particularly vulnerable to Business Email Compromise (BEC) imposter emails.
BECs are a form of social engineering designed to trick victims into thinking they have received a legitimate email from an organization or institution.
Cybercriminals use this technique to extract personal information from students and staff by disguising emails as messages from the university’s IT department or a campus group, often directing users to fake landing pages to collect credentials.
The findings are based on the Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of the top ten universities in the UK, US and Australia.
DMARC is an email validation protocol designed to protect domain names from misuse by cybercriminals.
It authenticates the sender’s identity before allowing a message to reach its intended destination. DMARC has three levels of protection: monitor, quarantine and reject, with reject being the safest, as it prevents suspicious emails from reaching the inbox.
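A domain publishes its DMARC level in the `p=` tag of a TXT record at `_dmarc.<domain>`, where `none` corresponds to monitoring. The Python example below is added here and is not part of Proofpoint's research or tooling; it classifies constructed sample records for hypothetical `.example` domains and assumes the TXT records have already been fetched from DNS.

```python
# Added example: classify a domain's DMARC level from its _dmarc TXT records.
# Every domain and record here is constructed for illustration.
POLICY_LEVEL = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}


def parse_tags(record):
    """Split a 'tag=value; tag=value' record into an ordered dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def classify_dmarc(txt_records):
    """Return (level, note) for the TXT records found at _dmarc.<domain>."""
    parsed = [parse_tags(r) for r in txt_records]
    # A DMARC record must begin with the tag v=DMARC1; other TXT data is ignored.
    dmarc = [t for t in parsed if next(iter(t), None) == "v" and t["v"] == "DMARC1"]
    if not dmarc:
        return "no record", "no DMARC policy is published"
    if len(dmarc) > 1:
        return "invalid", "more than one DMARC record is published"
    tags = dmarc[0]
    policy = tags.get("p", "").lower()
    if policy not in POLICY_LEVEL:
        return "invalid", "missing or unknown p= tag"
    level = POLICY_LEVEL[policy]
    if level == "monitor":
        return level, "reports only; failing mail is still delivered"
    pct = tags.get("pct", "100")  # pct limits how much failing mail is affected
    if pct.isdigit() and int(pct) < 100:
        return level, f"applied to only {pct}% of failing mail"
    return level, "applied to all failing mail"


SAMPLE = {  # constructed records, keyed by hypothetical domain
    "uni-a.example": ["v=spf1 include:_spf.uni-a.example -all"],
    "uni-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@uni-b.example"],
    "uni-c.example": ["v=DMARC1; p=quarantine; pct=25"],
    "uni-d.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@uni-d.example;"],
}

if __name__ == "__main__":
    for domain, records in SAMPLE.items():
        print(domain, *classify_dmarc(records), sep=" | ")
```

Only a result of `reject` with full coverage actively blocks mail that fails authentication; `monitor` produces reports but leaves delivery unchanged.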
Ahead of A-level results day on August 18, Proofpoint also found that none of the UK’s top 10 universities have adequate cybersecurity controls in place to actively prevent fraudulent emails from reaching recipients.
With a record 320,000 sixth formers in the UK applying for higher education places this summer, the rise in email communications could offer cybercriminals the opportunity to fool students with fraudulent phishing emails.
Adenike Cosgrove, cyber security strategist at Proofpoint, said: “Higher education institutions are very attractive targets for cybercriminals as they hold large amounts of sensitive personal and financial data.
“Email remains the most common vector of security compromise across industries. In recent years, the frequency, sophistication and cost of cyber attacks against universities have increased.
“It is the combination of these factors that makes it particularly concerning that none of the UK’s top 10 universities are fully DMARC compliant.”