Educational Services
NAICS 61

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

  • Frequency

     

    1,241 incidents, 282 with confirmed data disclosure

    Top patterns

     

    System Intrusion, Basic Web Application Attacks, and Miscellaneous Errors represent 80% of breaches

    Threat actors

     

    External (75%), Internal (25%) (breaches)

    Actor motives

     

    Financial (95%), Espionage (5%) (breaches)

    Data compromised

     

    Personal (63%), Credentials (41%), Other (23%), Internal (10%) (breaches)

    Top IG1 protective controls

     

    Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)

    What is the same?

     

    This industry continues to be impacted by attacks targeting their external infrastructure and are largely targeted by External actors with Financial motives. However, Educational Services also faces accidents as one of the top causes of breaches." We say 'this industry' too much in the summary.

    Summary

     

    Educational Services follows an eerily similar trend to the majority of the other industries; it is experiencing a dramatic increase in Ransomware attacks (over 30% of breaches). In addition, this industry needs to protect itself against stolen credentials and phishing attacks potentially exposing the personal information of its employees and students.

  • Patterns

     

    5-Year difference

     

    3-Year difference

    Basic Web Application Attacks

     

    No change

     

    Greater

    System Intrusion

     

    Greater

     

    Greater

    Miscellaneous Errors

     

    No change

     

    Less

  • Pattern

     

    Difference with peers

     

     

    System Intrusion

     

    Greater

     

     

    Basic Web Application Attacks

     

    Less

     

     

    Miscellaneous Errors

     

    Greater

     

     

  • Alright, class is back in session, put away your NSYNC Trapper Keeper and get out a number two pencil, cause you’re about to get schooled on the breaches and incidents impacting the Educational Services industries. System Intrusion, Social Engineering and DoS are the leading causes of incidents and System Intrusion, BWAA and Errors lead the way with regard to breaches. Falling along the peak of the grading curve, this industry also has Use of stolen creds and Ransomware as the top two Actions varieties, which is a very dangerous combination. The rumor is stolen creds and ransomware quit school due to recess, because they don’t play around.

  • While an erroneous number in a calculation might result in a few points off of your homework, the erroneous end user might result in a data breach. Thirty four percent of the errors found in this industry were from an email sent to the wrong people, or with the wrong attachment.

    While errors may have decreased over the past three years, they’re still a relatively normal occurrence that should be taken seriously, especially considering the various troves of data schools handle, we would hate to have our poor little Bobby Tables’ data leaked.25

  • 2017 Year Book

    There’s nothing quite like the feeling of nostalgia that hits you when you’re looking over your old yearbook. Signatures and notes from friends long ago, ahh, the good old days. We get that same feeling when looking back at the 2017 DBIR and see Cyber-Espionage as the top breach pattern for this industry. No worries though, Espionage has not graduated and moved away yet. It shows up in 34% of incidents this year. Figure 85 captures the shifts in data and the somewhat dramatic rise of Espionage that is still all too present today. Unfortunately, unlike your opinionated high school friends on social media, you can’t just block espionage from cluttering up your feed. 

Let's get started.