7 out of 10 UK Universities admit being duped by Phishing attacks

27 April 2017

Back in November 2016, we filed Freedom of Information (FoI) requests to 70 universities across the U.K. asking about each institution’s experiences with phishing. The responses we received indicate that phishing is still a major security challenge – even for top universities.

The FoI Results

Multiple factors make universities a popular target for phishing attacks. They have a large, diverse user base consisting of students, faculty and staff, and they hold sensitive personal information about these users as well as alumni. In addition, universities are frequently involved in grant-funded, innovative research that is valuable to a motivated attacker.

The results of our FoI requests show firsthand the exposure universities have to phishing. Seventy percent of the universities that responded to these requests indicated that they have fallen victim to a phishing attack, with 12 of these universities reporting they had been attacked more than ten times in the past year. Seven of the universities that responded, including those with GCHQ Certified degree courses – Oxford University and Cranfield University – reported they had been struck more than 50 times.

One thing is clear from our results: Phishing remains an important security issue affecting universities.


How to Protect Yourself and Your Organization from Phishing

Phishing protection requires a defense-in-depth strategy. There are multiple mitigating factors you can put in place at each layer of the attack chain to help prevent users from falling victim to a phishing email, including:

  • Leverage 2FA For Critical Applications – Phishing attacks regularly aim to steal credentials from users, which attackers then use to access applications. Enforcing 2FA means that stolen credentials alone can’t be used by attackers to access your applications.
  • Keep Devices Up-To-Date – Credentials are only part of the phishing threat. Knowing which devices are accessing your applications and ensuring these devices are up-to-date is critical to protecting against exploit kits, which are used in phishing as well as in other attacks such as malvertising.
  • Measure Your Exposure to Phishing – You can’t take action on what you can’t measure. We recommend regularly leveraging our free phishing simulation tool, Duo Insight, to measure your organization’s exposure to phishing. Plus, in our blog we offer recommendations to get more value out of your Duo Insight results and decrease your overall exposure to phishing.

These tips are basic measures you can take to significantly mitigate the effectiveness of phishing attacks. For a more comprehensive view on how these attacks are executed and measures to prevent them, check out our free guide, The Trouble With Phishing.

In this guide, you’ll get:

  • the latest phishing statistics by industry
  • a breakdown of how phishing works
  • the anatomy of a phishing attack

Download Duo’s guide today.

Phishing attacks aren’t going away anytime soon. 2016 was a record-breaking year for the number of unique phishing sites seen, and as our results show, these attacks continue to be effective. But by implementing the basic security hygiene measures covered here, you’ll make great strides toward mitigating phishing for your organization, giving you both security and peace of mind.

[Source: Duo]
