Dive Brief:
- According to a new report from Duo Labs Research, 70% of universities surveyed in a Freedom of Information inquiry have fallen victim to phishing scams in the last year.
- Several of the schools surveyed indicated multiple attacks, and 10% indicated 51 or more attacks in the last year.
- The report focused heavily on U.K. institutions, but Jordan Wright, Senior R&D Engineer at Duo Security, said via email, "[I]t's safe to assume that U.S.-based universities are just as vulnerable to phishing attacks as those in the U.K."
Dive Insight:
It is no secret that institutions of higher education are prime targets for phishing scams. Wright said, "Regardless of geography, the large, diverse user base of students, faculty and staff, and all of the sensitive personal information that comes along with it, make universities a key target. Not to mention, universities are frequently involved in grant funded, innovative research that is valuable for a motivated attacker." And because of the number of end users connected to the server, one breach can create a nightmare for the institution, which can be quite costly to contain and fix.
While cybersecurity and network upgrades can be expensive, it is far more expensive to let those securities lapse. Phishing scams are becoming more complex, necessitating constant communication between the campus CIO/CTO or top IT staffer and the rest of the campus community. "When in doubt, call" is a good policy to enact, even if it means a barrage of phone calls to the tech team.