Webroot comment: A-level students at risk of email fraud
August 2019 by Webroot
A report published this morning states that students are at risk of email fraud, with 65% of the UK’s top universities not using any form of industry-recommended email authentication tool.
In response to this, Matt Aldridge, Senior Solutions Architect at Webroot, believes that educational institutions will continue to be targeted as long as students aren’t properly educated around the dangers of phishing attempts.
Matt Aldridge, Senior Solutions Architect, Webroot: “Educational organisations will continue to be targets for cyberattacks. Unfortunately, the sprawling nature of a university – with all their separate faculties and facilities – and the inevitable movement of data between departments makes IT administration and security difficult to implement and maintain. Additionally, universities contain a wealth of valuable intellectual property which can be valuable to hackers, especially those acting on behalf of governments. However, schools and parents must also ensure that school leavers are properly equipped to deal with the advanced online threats that they will face as they begin to transact with new, large entities in the academic and commercial world.”
“Phishing attacks are only becoming more sophisticated and targeted, and it only takes one click to put an entire network at risk. To mitigate future attacks, universities need to keep up with the latest standards relating to email security and spoofing protection. IT teams must properly audit all machines connected to their networks and the data they hold. Security awareness training should be implemented for staff and students from day one, ensuring that they are vigilant in scrutinising the types of emails they receive. This should be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and sensible password policies. A tricky issue is that very valuable data is on individual students’ laptops/desktops as well as university servers, and the monitoring of access and the high benefit of stolen credentials pose real difficulties for the IT departments – a highly tied-down environment doesn’t match with the knowledge sharing culture of universities. Insider attacks too are difficult to stop. So avoiding all the different attack vectors is difficult and expensive and almost counter-productive.
“There needs to be an intimate understanding of the assets needing to be protected, where they are, their relative ‘value’. Then there needs to be agreement on how they should be secured vs. access and a whole range of other issues.
“Universities are ripe for persistent IP theft and the ‘live off the land’ tactics that make it very difficult to separate normal from abnormal behaviours, and whether it’s just plain IP theft by industrial competitors, or nation state activity, defenders have a lot of technical and social policies and procedures to be enforced at a very detailed level.”