by Samira Sarraf

Education sector is the most vulnerable to cloud attacks

Dec 16, 2019

Unused alumni accounts make preferred targets.

cloud security
Credit: Getty Images

The education sector was the most vulnerable to cloud account attacks with seven in 10 attack campaigns successful, according to a study.

Proofpoint’s Protecting People 2019, a Global Cybersecurity Analysis of Vulnerability, Attacks and Privilege report gathered data from January to June 2019 from 20 million user accounts.

“For cyber criminals, school districts, colleges and universities were easy prey. Possible reasons include large numbers of users (such as students) and decentralised security operations,” the report said.

One of the cyber attackers preferred targets are accounts that haven’t been used for some time such as those of school’s alumni.

“Many account owners don’t use the account often enough to notice anything amiss. Once attackers gain control over the account, they can use it for spam, malware and phishing campaigns—especially against other users within the school’s domain,” the report said.

Out of the 20 million user accounts analysed, there were more than 15 million unauthorised login attempts with 400,000 successful ones.

The report also found that, along with the educational sector, the food and beverage sector was also the most vulnerable during the first half of 2019. Specifically, franchisees were highly targeted and vulnerable to cloud-based attacks.

If a franchisee account is compromised it can give attackers access to corporate financial business processes and supply chains.

According to the report, the best protected industries were those heavily regulated such as finance and healthcare. Still, 20 per cent of attacks on finance organisations and 40 per cent on healthcare firms resulted in a successful compromise.

Cloud apps are being used as a new attack vector with business services, construction/engineering and the retail/wholesale sectors being slightly more heavily targeted in such attacks than other industries.

The report suggests that attackers won’t necessarily target those with hire roles in an organisation. However, it found that sales representatives and managers were among the most highly targeted users, mostly because the nature of their roles as they often must respond to unsolicited emails, exposing them to more phishing attacks.

Within organisations thought there are departments that will be more targeted than others. As the report suggests, workers in marketing/public relations functions represented the highest overall risk from malware and phishing, followed closely by facilities/internal support (which includes IT workers) and R&D/engineering.

“Email addresses in the marketing/PR category may be bigger targets simply because they are more readily accessible. Public relations professionals often include their full name, email address and other contact information in press releases and newsroom sections of company websites. And marketing professionals often promote themselves on social media and other digital channels,” the report found.