Latest NTT Application Security Research Finds Education Sector Sees Rising Security Concerns
September 2021 by NTT
NTT Application Security is releasing Volume 9 of the company’s monthly AppSec Stats Flash report, which reflects on the evolving threat landscape, tracks key AppSec metrics on an ongoing basis and brings forward key actionable takeaways for security and development teams responsible for the applications that run their businesses.
Each month, the AppSec Stats Flash reflects on the evolving threat landscape, tracks key AppSec metrics on an ongoing basis and brings forward key actionable takeaways for security and development teams who are responsible for the applications that run their business. This month, the NTT Application Security research team focused on cyberthreats targeting education applications as security concerns in that sector continue to grow. Accelerated online learning environments due to the pandemic and considerable rates of ransomware and phishing attacks against K-12 schools have increased focus on the unique cybersecurity challenges these organizations face.
Key Findings from AppSec Stats Flash Volume 9 Include:
Although the education sector’s breach exposure has remained relatively consistent this year, it’s taking longer to fix high severity vulnerabilities compared to other industries (206 days vs 201 days).
Applications within the education sector show an increased Window of Exposure (WoE) rate, rising to 57% in August from 53% last month.
53% of applications in the Education sector have at least one critical vulnerability exploitable throughout the year. However, 34% of these applications have a Window of Exposure of less than one month. This means that serious vulnerabilities in 34% of applications in the sector get addressed within one month.
"The application security statistics for the Education sector indicate a hyper focus among organizations in this sector on a handful of critical web applications and fixing a handful of critical vulnerabilities in those applications. The approach seems to be working given the otherwise stable WoE metrics that are now in fact improving,” said Setu Kulkarni, Vice President, Strategy, at NTT Application Security. "To accelerate the improvement in the Education sector’s overall application security posture, organizations in the sector should expand their approach to identify their overall attack surface and put in place a systematic program that progressively covers all applications. In addition, Educational institutes should provide best-practice training to students so that they can remain safe on the internet regardless of the state of the application security of the apps they interact with on a daily basis. Finally, educational institutions should demand that the SaaS and non-SaaS products they uses in a COTS manner have been through rigorous AppSec programs.”