The Education vertical has an unusually large percentage of Social Engineering attacks in which Pretexting is the variety. These are typically with a view toward instigating a fraudulent transfer of funds. Miscellaneous Errors and System Intrusion are both still enrolled as well, and are taking a full load.
1,332 incidents, 344 with confirmed data disclosure
Social Engineering, Miscellaneous Errors, and System Intrusion represent 86% of breaches
External (80%), Internal (20%), Multiple (1%) (breaches)
Financial (96%), Espionage (3%), Fun (1%), Convenience (1%), Grudge (1%) (breaches)
Personal (61%), Credentials (51%), Other (12%), Medical (7%) (breaches)
Top IG1 Protective Controls
Security Awareness and Skills Training (14), Access Control Management (6), Secure Configuration of Enterprise Assets and Software (4)
- 2021 DBIR
- DBIR Master's Guide
- Results and Analysis
- Incident Classification Patterns
- Data Breach Statistics By Industry
- Accommodation Food Services
- Entertainment Data Breaches
- Educational Services Data Breaches
- Financial Services Data Breaches
- Healthcare Data Breaches Security
- Information Industry Data Breaches
- Manufacturing Data Breaches
- Energy Utilities Data Breaches
- Professional Technical Scientific Services
- Public Administration Data Breaches
- Retail Data Breaches Security
- SMB Data Breaches Deep Dive
- Introduction by Regions
- Year in Review 2021
- 2021 DBIR Corrections
- Download the full report (PDF)
The Education sector has certainly had a challenging year, with the pandemic mandating that classes be held online, in a hybrid form, and sometimes, not at all. With those challenges comes opportunity—mostly for criminals. This sector is assailed by Financially motivated actors looking to gain access to the data and systems of the people who are just trying to get through the school day.
One of the top patterns in this industry is Social Engineering (Figure 101), and in looking at these cases, Social Engineering aficionados will craft a simple phishing email and wait for their victims to reach out to them. In the Education sector, they seem to be harkening back to their creative writing courses, and are putting forth the effort to invent a convincing scenario to get their victim to respond (Figure 102).
Are they getting good grades for their efforts? Yes, they get an A for “appropriation” of funds that do not belong to them. Considering their continued success at causing money to be transferred to them, they have clearly mastered the art of believability in their prose.
It stands to reason that people with access to wire transfers and other kinds of payments should be targeted for special training to help combat this kind of attack. Other controls to prevent wire transfers to new bank accounts should also be put in place.
Miscellaneous Errors and System Intrusion were almost tied in their bid for second place in the patterns for this sector. We see Misconfiguration (largely of databases that are spun up without the benefit of access controls, open for the world to see because knowledge wants to be free, right?) as the most common variety (Figure 103).
The System Intrusion pattern tells a tale of two actions—namely Hacking and Malware. Credential attacks are the most common starting point, with the credentials frequently coming from the result of other breaches and/or credential re-use. The attacker moves on to installing malware once they have their foothold established. Ransomware is a favorite malware flavor, and we’ve seen some groups taking copies of the data prior to triggering the encryption and then using it as further pressure against the victim.
Ransomware is a favorite malware flavor, and we’ve seen some groups taking copies of the data prior to triggering the encryption and then using it as further pressure against the victim.
Let's get started.
Choose your country to view contact details.
- Select Country...
- Costa Rica
- Hong Kong
- New Zealand
- United Kingdom
- United States
Call for Sales.
Or we'll call you.