Back in November 2016, we filed Freedom of Information (FoI) requests to 70 universities across the U.K. asking questions around each institution’s experiences with phishing. The responses we received indicate that phishing is still a major security challenge – even for top universities.
Multiple factors make universities a popular target for phishing attacks. They have a large, diverse user base consisting of students, faculty and staff, and they hold the sensitive personal information for these users as well as alumni. In addition, universities are frequently involved in grant funded, innovative research that is valuable to a motivated attacker.
The results of our FoI requests show firsthand the exposure universities have to phishing. Seventy percent of the universities who responded to these requests indicated that they have fallen victim to a phishing attack, with 12 of these universities reporting they had been attacked more than ten times in the past year. Seven of the universities that responded, including those with GCHQ Certified degree courses – Oxford University and Cranfield University – reported they had been struck more than 50 times.
One thing is clear from our results: Phishing remains an important security issue affecting universities.
Phishing protection requires a defense-in-depth strategy. There are multiple mitigating factors you can put in place at each layer of the attack chain to help prevent users from falling victim to a phishing email, including:
These tips are basic measures you can take to significantly mitigate the effectiveness of phishing attacks. For a more comprehensive view on how these attacks are executed and measures to prevent them, check out our free guide, The Trouble With Phishing.
In this guide, you’ll get:
Phishing attacks aren’t going away anytime soon. 2016 was a record-breaking year for the number of unique phishing sites seen, and as our results show, these attacks continue to be effective. But by implementing the basic security hygiene measures covered here, you’ll make great strides toward mitigating phishing for your organization, giving both security and peace of mind.