Microsoft Reveals Rising Cyberattacks Across Higher Education Sector and K-12 Institutions

• 08 Nov 2024
• TM Team
• 0 Comments

Microsoft's latest Cyber Signals Report revealed that the education sector is the third-most targeted industry globally. This phenomenon is mirrored in Hong Kong, where a recent study identified the education sector as the most targeted industry for cyberattacks this year. Given the vast amount of sensitive data it handles, including health records, financial data and other regulated information, the sector must prioritize enhanced security measures.

According to Microsoft's latest Cyber Signals Report, the risk of cyberattacks is becoming more prevalent in the education sector:

- Institutions face an average of 2,507 cyberattack attempts per week globally, with universities being prime targets for malware, phishing and IoT threats.

- Over the past year, Microsoft Defender for Office 365 blocked more than 15,000 emails per day targeting the education sector with malicious QR codes.

- The increasing AI adoption in higher education has added new layers of complexity in cyberattacks, as attackers exploit vulnerabilities in AI-enabled systems.

Proactively safeguarding sensitive research data in the Higher Education sector beyond traditional campus boundaries

Globally recognized for their pioneering academic innovation and research endeavors, local higher education institutions are proactively embracing AI and technologies in teaching and learning. However, as they advance their research collaborations with external partners, the exchange of information potentially expands the attack surface, necessitating the need for a robust security strategy.

"Additionally, students' 'bring your own device' (BYOD) practice and access to public Wi-Fi hotspots have posed security challenges that transcend traditional campus boundaries." said Fred Sheu, National Technology Officer, Microsoft Hong Kong. "To support Hong Kong's ambition as an advancing innovation hub, Microsoft Hong Kong closely collaborates with the education institutions to safeguard the teaching and learning environments within and beyond campus."

Microsoft Hong Kong said it remains resolute in assisting the sector to protect its community and assets through a secure AI platform, bolstering protocols against evolving threats for data protection and secure information sharing. With clear and sufficient AI practices and security guidelines, the education sector can strengthen their digital infrastructure and operational resilience to fend off different types of system disruptions.

Increasing awareness of the latest cyber threats and security hygiene is crucial in K-12

In fact, K-12 organizations are not exempted from ill-intentioned criminals. Unfortunately, they often lack the necessary resources and awareness to combat such threats effectively. Therefore, Microsoft Hong Kong has partnered with Hong Kong Association of Computer Education (HKACE) to empower 2,800 teachers and staff from 32 local schools to bolster their defenses with Microsoft 365 A3.

"The collaboration aims to provide schools with enterprise-grade collaboration tools to safeguard their sensitive information. Educating students, teachers and staff on cybersecurity best practices is a crucial step in the face of rampant ransomware and phishing attacks. By increasing cybersecurity awareness, providing essential training and leveraging partnerships to deliver educational resources, schools can better protect themselves against malicious threats," said Principal Kam Wai Ming, Honorary Chairman, HKACE.

Microsoft urges the sector to combat threats with vigilance, protection and authentication tools, as well as enhanced training

Microsoft remains committed to providing a trustworthy platform for educators and students to excel their full potential. To better protect and secure data, the company encourages institutions, staffs, teachers and students to follow these recommendations:

- The best defense against QR code attacks is to increase vigilance. Pause, inspect the code's URL before opening it, and don't open QR codes from unexpected sources, especially if the message uses urgent language or contains errors.

- Consider implementing "protective domain name service", a tool that helps prevent ransomware and other cyberattacks by blocking computer systems from connecting to harmful websites. Prevent password spray attacks with a stringent password and deploy multifactor authentication.

- Educate students and staff about their security hygiene and encourage them to use multifactor authentication or passwordless protections. Studies have shown that an account is more than 99.9 percent less likely to be compromised when using multifactor authentication.

Microsoft has launched role-based trainings for leaders, educators, students, parents and IT professionals aligned to recommendations of the United States Cybersecurity and Infrastructure Security Agency.