New information shows that major universities in the United States are in the worst bracket in terms of protecting students and staff from email fraud. Research from Proofpoint shows that leading universities do not have the required security measures in place.
Protection is so lacking that there is little to no prevention for even common threats such as domain spooking. It is worth noting this is not just happening in the US, with top schools in the UK and Australia also struggling.
Proofpoint research shows 97% of top 10 universities across the three countries are underprepared for email threats. Students and staff are at high risk of email impersonation and other common threat tactics.
Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint says the number of attacks on universities and the severity of attacks has been increasing in recent years:
“It's the combination of these factors that make it especially concerning that the premier universities in the U.S. are currently the most vulnerable to attack,” Kalember points out.
Higher education institutions are good attack target because they store “masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare,” Kalember adds.
Research
Universities the researchers looked at include Harvard, Princeton, Columbia, Yale, California Berkeley, Los Angeles, Standford, Pennsylvani, New York, and MIT. The team also looked at the top 10 universities in Australia and the United Kingdom using Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis.
DMARC is a validation protocol for emails that protects domain names by authenticating user identity when sending emails. It has three protection tiers: monitor, quarantine, and reject.
“People are a critical line of defense against email fraud but remain one of the biggest vulnerabilities for organizations,” Kalember said. “When fully compliant with DMARC, a malicious email can't reach your inbox, removing the risk of human interference.”
Tip of the day: Windows now has a package manager similar to Linux called “Winget”. In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.
