Industry leaders are weighing the news that University College London (UCL) faced nearly 60 million malicious email attacks in the first three months of 2022, according to official data.
The data, analyzed by Parliament Street think tankrevealed that a total of 58,628,604 spam, phishing, malware and edge blocking attacks were successfully blocked by the university between December 24, 2021 and March 23, 2022.
Edge Block software, which automatically blocks email messages sent to recipients that don’t exist in the Office 365 tenant, accounted for 88 percent of thwarted malicious attacks.
Spam emails accounted for 6,720,913 blocked attacks, while phishing accounted for 408,212 attacks and malware 53,753 attacks.
The UCL said it only keeps records for the number of blocked emails for 90 days.
The news comes amid growing cyber fears among higher education institutions, with the National Cyber Security Center (NCSC) strongly advising organizations to “follow actionable steps in the NCSC guide that reduce the risk of falling victim to an attack “.
Tim Sadler, CEO and co-founder of Tessianocommented:
“Educational institutions are routinely targeted by cybercriminals who want to get hold of the valuable information and data they hold, such as the world’s leading research, intellectual property and personal financial details of thousands of university staff, students and former students. Due to the heavy nature of the industry and reliance on email to stay in touch with each other, phishing is an easy way for these cybercriminals to “get in” and quickly leads to data loss and ransomware attacks.
“In recent years, some universities have ‘paid off’ for ransomware cyberattacks and this could encourage even more. Moving forward, it is imperative that universities understand the ways their staff and students could be targeted by phishing campaigns and train them on what to look for. “
Achi Lewis, Area Vice President EMEA,Absolute softwarehe also commented:
“Using a zero-trust resilient approach to verify that all users have access to important data can help stop an attack before it occurs. While it is also important to have recovery policies and technologies in place to shut down or block infected devices to prevent an attacker from gaining access to other areas of an organization’s IT network. “
Andy Robertson, head of Fujitsu Cyber Security, Fujitsu United Kingdom & I She said:
“In the future, universities must offer their students the same protection and guarantees that large companies offer their customers and clients.
“And with employees and students working and studying in a hybrid way, which means they regularly use their devices and Wi-Fi, it’s critical that they implement security tools like Multi-Factor Authentication (MFA) and Conditional Access (CA) to the data. These tools allow educational institutions to set policies that control who can connect, from where they can connect and from which devices. “
Nelson Ody, product manager, Cyber Security at RMadds:
“Ultimately, universities and similar institutions must treat these attacks as if they were physical – they must prepare to deal with them as they do a fire drill.”
The cybersecurity industry reacts to UCL email attacks
Source link The cybersecurity industry reacts to UCL email attacks