When thinking about industries that cybercriminals might target, tertiary education probably isn’t the first to come to mind. But according to the latest edition of Microsoft’s Cyber Signals report, education was the third most targeted industry in the second quarter of this year. The mix of valuable data and inherent vulnerabilities in education systems has caught the eye of various attackers—from those using new malware techniques to nation-state actors involved in traditional espionage.
This is a particular concern for tertiary institutions in Africa, which is one of the most targeted regions in the world when it comes to cyberattacks. In fact, a recent study of 60 Kenyan universities showed that most of these institutions were experiencing hacks, while also battling a lack of adequate cybersecurity policies and controls, including organisational, human, physical and technological resources.
Just last year a prominent Moroccan institution of higher learning was hit by a security breach of its master’s degree nomination platform, while a private university in Nigeria had its website completely overtaken by hackers.
It’s clear that the education industry’s vulnerabilities haven’t gone unnoticed by cybercriminals. According to the Cyber Signals report, in the past year alone, more than 15,000 emails with malicious QR codes were sent daily to the sector using Microsoft Office 365 email. This highlights just how targeted and persistent these threats have become.
There are several reasons why hackers often target the education sector. Unlike typical enterprises, universities have a diverse group of users—students, faculty, administration staff, and others. The open and dynamic nature of university environments, with frequent activities and international students, makes them particularly vulnerable to cyberattacks.
Email systems in schools offer wide spaces for compromise
This naturally open environment means universities are often more relaxed about email security. With a lot of emails creating noise in the system, institutions are limited in how they can place controls because they need to stay accessible for alumni, donors, and external collaborations. This mix of openness and lack of controls makes them prime targets for attacks.
Virtual and remote learning have also extended educational applications into homes and offices. Personal and shared devices, which are often unmanaged, are everywhere. Students, not always savvy about cybersecurity, might unknowingly expose their devices to risks.
Legacy infrastructure leaves school systems vulnerable
The tertiary education sector often faces well-known funding and operational challenges. This means that cutting-edge digital classrooms have to operate alongside older applications and other IT assets. Managing and safeguarding these varied systems is tough, especially when it’s hard to keep cybersecurity experts on staff. This combination leaves school systems more vulnerable to attacks.
Nation-state actors are after valuable IP and high-level connections
Cybercriminals know that schools handle sensitive, regulated information and must stay open and accessible, making them targets for ransomware and extortion.
Universities are hubs for valuable intellectual property and cutting-edge research, often in collaboration with government agencies. This makes them attractive to attackers looking to steal or leverage sensitive data.
For example, it can be easier for hackers to initially target someone in the education sector with ties to the defense sector and then use that access to launch more convincing phishing attacks on higher-value targets.
Introducing a strong security curriculum
Strengthening security measures can be a daunting and expensive task for schools, but there are steps they can take to protect themselves.
Having a clear understanding of the threat environment is an essential place to start. Reports like Cyber Signals are invaluable resources for chief information security officers and their teams as they refine technologies, policies, and processes. This quarterly cyberthreat intelligence brief, informed by the latest Microsoft threat data and research, provides expert insights into the current threat landscape and the tactics and techniques used by threat actors. It underscores Microsoft’s commitment to securing the digital ecosystem, in which we play such a central role. At Microsoft, security is our top priority, ensuring we earn and maintain the trust placed in us.
Beyond current insights, maintaining strong cyber hygiene is crucial. Raising awareness of security risks and promoting good practices among students, faculty, staff, and administrators can help create a safer environment.
For IT and security pros in education, starting with the basics and beefing up security is a good move. Centralising the tech setup can assist in monitoring activities more effectively and spotting vulnerabilities more easily. Specifically, the Cyber Signals report recommends that IT teams think about using “protective domain name service,” a handy free tool that can help stop ransomware and other cyberattacks by blocking access to harmful websites. To prevent password spray attacks, they should make sure to enforce strong passwords and set up multifactor authentication.
For under-resourced IT teams, tools such as Microsoft Copilot for Security can significantly enhance the efficiency and capabilities of security defenders, allowing them to improve their security outcomes at machine speed and scale. This AI-powered security solution provides an assistive copilot experience, supporting professionals in end-to-end scenarios like incident response, threat hunting, intelligence gathering, and posture management.
It’s also important for universities to teach students and staff about good security habits and encourage them to use multifactor authentication or passwordless options. According to the report, accounts are more than 99.9% less likely to get hacked with multifactor authentication.
By putting stronger defenses and proactive measures in place, universities can better equip themselves to fend off the increasing threats to their sensitive data and groundbreaking research. Building a solid security posture isn’t just about technology; it’s also about fostering a watchful culture ready to manage potential attacks. Investing in these measures now will safeguard their valuable assets and ensure their critical work continues without disruption.
Phyllis Migwi is the Country General Manager, Microsoft Kenya.
