Educational Services

Please provide the information below to view the online Verizon Data Breach Investigations Report.

First Name: Last Name: E-mail: Organization: Organization type Country:

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

I confirm I have read and understood

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You may now close this message and continue to your article.

Summary
This industry saw phishing attacks in 28% of breaches and hacking via stolen credentials in 23% of breaches. In incident data, Ransomware accounts for approximately 80% of Malware infections in this vertical. Educational Services performed poorly in terms of reporting phishing attacks, thus losing critical response time for the victim organizations.
Frequency
819 incidents, 228 with confirmed data disclosure
Top Patterns
Everything Else, Miscellaneous Errors, and Web Applications represent 81% of breaches
Threat Actors
External (67%), Internal (33%), Partner (1%), Multiple (1%) (breaches)
Actor motives
Financial (92%), Fun (5%), Convenience (3%), Espionage (3%), Secondary (2%) (breaches)
Data compromised
Personal (75%), Credentials (30%), Other (23%), Internal (13%) (breaches)
Top Controls
Implement a Security Awareness and Training Program (CSC 17), Boundary Defense (CSC 12), Secure Configuration (CSC 5, CSC 11)

An Island of Misfit Breaches
You may be wondering, “What is this Everything Else pattern that is top of the class in this sector?” It sounds like the kitchen drawer where all the odds and ends wind up, and in a way, it is. If an attack doesn’t meet the criteria of one of the other attack patterns, it ends up here, with that olive pit remover you got from your Secret Santa.
Phishing dominates the Everything Else pattern by a comfortable margin, not unlike many other industries. However, the Educational Services sector stands out by also getting a failing grade in phishing reporting practices. Of all industries, according to our non-incident data, only 24% of organizations had any phishing reporting at all, and none of them had at least 50% of the emails reported in phishing awareness campaigns. It is exceedingly important to encourage your user base to let you know when your organization is being targeted. If they don’t report it, you miss out on your early warning system.
Similarly, the presence of the Web Applications pattern is mostly because of the Use of stolen creds on cloud email accounts. Although we cannot say this is the organizations’ fault, according to our non-incident data analysis, Educational Services have the longest⁴⁰ number of days in a year—28—where they had credential dumps run against them. The global median here is eight days. The overall number of credentials attempted is also one of the highest of all industries we analyzed for this year’s report (Figure 64).

Outside of those two patterns, sadly the news is still not great. Ransomware is really taking hold of Education vertical incidents, and has been responsible for 80% of the Malware-related incidents, up from 48% last year (Figure 65). All of those Ransomware cases have also played a role in the increase we have seen in financially motivated incidents for the past two years.
One additional concern in this sector is the fact that according to our analysis, this is the only industry where malware distribution to victims was more common via web sites than email. This information doesn’t really seem to make sense until you consider malware being distributed via unmonitored email (such as personal mail accounts from students on bring-your-own devices connected to shared networks), and all of those infections obviously endanger the larger organization.