Stronger defenses and proactive measures will help universities protect sensitive data and research against increasing threats. According to Microsoft’s Cyber Signals report, education ranked as the third most-targeted sector in the second quarter of this year. The combination of valuable data and inherent vulnerabilities in educational systems attracts the attention of various hackers, using either new malware techniques or state actors engaging in traditional espionage.
Increasing cyberattacks in Africa
Higher education institutions in Africa, one of the most targeted regions globally for cyberattacks, face a particular concern. A recent study involving 60 African universities revealed that most of these institutions had fallen victim to hacking. Additionally, these institutions often lack adequate cybersecurity policies and controls, especially regarding organizational, human, physical, and technological resources.
Last year, a major Moroccan higher education institution faced a security breach in its master’s program nomination platform, while a private university in Nigeria saw its website entirely hacked. According to the Cyber Signals report, over 15,000 emails containing malicious QR codes were sent through Microsoft Office 365 messaging alone last year, underscoring the persistence of these threats.
Several reasons explain why hackers often target the education sector. Unlike traditional businesses, universities have a diverse group of users: students, professors, administrative staff, and more. The open, dynamic nature of university environments, frequent activities, and the presence of international students make them particularly vulnerable to cyberattacks.
Vigilance over email systems
This naturally open environment often results in more relaxed email security at universities. Since a high volume of emails flows through their systems, institutions face limitations in implementing controls while remaining accessible to alumni, donors, and external collaborators. This combination of openness and lack of control makes them prime targets for attacks.
Virtual and distance learning has also extended educational applications into homes and workplaces. Personal and shared devices, which are often unmanaged, create vulnerabilities in university servers. Students, not always cybersecurity-conscious, may unknowingly expose their devices to risks.
Legacy infrastructure creates vulnerabilities
Higher education often faces well-known financial and operational challenges. Digital classrooms must often operate alongside older applications and other IT resources, making system management and protection challenging, especially given the difficulty of retaining cybersecurity experts on staff. This combination leaves educational systems more vulnerable to attacks.
Building a solid security curriculum
Strengthening cybersecurity measures can be a daunting and costly task for schools, but they can take certain steps to protect themselves. It’s essential to fully understand the threat environment. Microsoft’s commitment to securing the digital ecosystem plays a central role, as security remains a top priority to earn and retain the trust of decision-makers.
Beyond current knowledge, maintaining good IT hygiene is vital. Raising awareness of security risks and promoting best practices among students, faculty, staff, and administrators can help create a safer environment.
For IT and security professionals in education, starting with the basics and fortifying security is wise. Centralized technical configuration can help monitor activities more effectively and identify vulnerabilities more easily. To prevent password spray attacks, schools should enforce strong passwords and implement multi-factor authentication.
Investing now to find solutions against hackers
It’s also crucial for universities to teach students and staff good security habits and encourage the use of multi-factor authentication or passwordless options. According to the report, accounts are over 99.9 % less likely to be hacked with multi-factor authentication.
By establishing stronger defenses and proactive measures, universities can better equip themselves to repel the growing threats to their sensitive data and cutting-edge research. Building a strong security posture extends beyond technology; it involves fostering a culture of vigilance ready to handle potential attacks. Investing in these measures now will protect their valuable assets and ensure the uninterrupted continuation of essential work.
