Microsoft Reveals Rising Cyberattacks Across Higher Education Sector and K-12 Institutions
Microsoft's latest Cyber Signals Report revealed that the
education sector is the third-most targeted industry globally. This phenomenon
is mirrored in Hong Kong, where a recent study identified the education sector
as the most targeted industry for cyberattacks this year. Given the vast amount
of sensitive data it handles, including health records, financial data and
other regulated information, the sector must prioritize enhanced security
measures.
According to Microsoft's latest Cyber Signals Report, the
risk of cyberattacks is becoming more prevalent in the education sector:
- Institutions face an average of 2,507 cyberattack attempts
per week globally, with universities being prime targets for malware, phishing
and IoT threats.
- Over the past year, Microsoft Defender for Office 365
blocked more than 15,000 emails per day targeting the education sector with
malicious QR codes.
- The increasing AI adoption in higher education has added
new layers of complexity in cyberattacks, as attackers exploit vulnerabilities
in AI-enabled systems.
Proactively safeguarding sensitive research data in the Higher Education
sector beyond traditional campus boundaries
Globally recognized for their pioneering academic innovation
and research endeavors, local higher education institutions are proactively
embracing AI and technologies in teaching and learning. However, as they
advance their research collaborations with external partners, the exchange of
information potentially expands the attack surface, necessitating the need for
a robust security strategy.
"Additionally, students' 'bring your own device' (BYOD)
practice and access to public Wi-Fi hotspots have posed security challenges
that transcend traditional campus boundaries." said Fred Sheu, National
Technology Officer, Microsoft Hong Kong. "To support Hong Kong's ambition
as an advancing innovation hub, Microsoft Hong Kong closely collaborates with
the education institutions to safeguard the teaching and learning environments
within and beyond campus."
Microsoft Hong Kong said it remains resolute in assisting the
sector to protect its community and assets through a secure AI platform,
bolstering protocols against evolving threats for data protection and secure
information sharing. With clear and sufficient AI practices and security guidelines,
the education sector can strengthen their digital infrastructure and
operational resilience to fend off different types of system disruptions.
Increasing awareness of the latest cyber threats and security hygiene is
crucial in K-12
In fact, K-12 organizations are not exempted from
ill-intentioned criminals. Unfortunately, they often lack the necessary
resources and awareness to combat such threats effectively. Therefore,
Microsoft Hong Kong has partnered with Hong Kong Association of Computer Education
(HKACE) to empower 2,800 teachers and staff from 32 local schools to bolster
their defenses with Microsoft 365 A3.
"The collaboration aims to provide schools with
enterprise-grade collaboration tools to safeguard their sensitive information.
Educating students, teachers and staff on cybersecurity best practices is a
crucial step in the face of rampant ransomware and phishing attacks. By
increasing cybersecurity awareness, providing essential training and leveraging
partnerships to deliver educational resources, schools can better protect
themselves against malicious threats," said Principal Kam Wai Ming,
Honorary Chairman, HKACE.
Microsoft urges the sector to combat threats with vigilance, protection
and authentication tools, as well as enhanced training
Microsoft remains committed to providing a trustworthy
platform for educators and students to excel their full potential. To better
protect and secure data, the company encourages institutions, staffs, teachers
and students to follow these recommendations:
- The best defense against QR code attacks is to increase
vigilance. Pause, inspect the code's URL before opening it, and don't open QR
codes from unexpected sources, especially if the message uses urgent language
or contains errors.
- Consider implementing "protective domain name
service", a tool that helps prevent ransomware and other cyberattacks by
blocking computer systems from connecting to harmful websites. Prevent password
spray attacks with a stringent password and deploy multifactor authentication.
- Educate students and staff about their security hygiene and
encourage them to use multifactor authentication or passwordless protections.
Studies have shown that an account is more than 99.9 percent less likely to be
compromised when using multifactor authentication.
Microsoft has launched role-based trainings for leaders,
educators, students, parents and IT professionals aligned to recommendations of
the United States Cybersecurity and Infrastructure Security Agency.
Leave A Comment