Seventy-nine percent of organizations suffered a cyberattack within the last 12 months, up 11 percentage points from 2023, and about half (47%) of all educational organizations faced unplanned expenses to fix security gaps due to a security incident, according to the latest survey by Netwrix Research Lab.
While incognito hackers and dangerous malware tend to occupy our imagination when it comes to cybersecurity, one surprising stakeholder was identified as IT professionals’ biggest risk to their cloud and on-premise infrastructure: company employees.
“Threats from business users usually involve mistakes or negligence, rather than malicious actions,” says Dirk Schrader, vice president of security research at Netwrix.
IT workers in education were the loudest to report a lack of budget and being understaffed as their top data security challenges. However, employee mistakes or negligence have become an equally concerning security issue across all industries studied, preoccupying nearly half of all respondents (47%). Phishing and user account compromise were the two most common security incidents in the education sector alone. Worldwide, 55% of IT professionals reported cyberattack incidents associated with account compromise, a 39-percentage-point spike since 2020.
“The survey trends confirm what industry experts have been saying for years: Identity is the new perimeter,” said Ilia Sotnikov, security strategist at Netwrix. “Attackers will continue to target them and—sooner or later—succeed.”
More from UB: Here’s how higher ed can win 20% more students
However, defenders are also increasing detection capabilities, Sotnikov added. Business executives are becoming more aware of the business risks of security incidents, heightening transparency and influencing the number of reported incidents. Multi-factor authentication, backups and password management techniques continue to be the most highlighted measures to protect company data.
“The best approach to mitigating the associated risks is to implement guardrails for end users and admins that keep mistakes from causing serious consequences,” Schrader says.
This trend is correlated to growing cloud adoption and the rise in remote and hybrid work. Over 80% of educational institutions have a hybrid IT architecture, compared to 74% across other industries.
“To enable research and collaboration, while staying on budget, educational institutions often provide a variety of shared devices and systems exposed to the internet—creating a massive attack surface,” Schrader said. “To mitigate risk, it is crucial to enforce strong password policies that prevent the use of weak and compromised passwords, implement multi-factor authentication (MFA), and adhere to the least privilege principle.”
