A report from KnowBe4 assesses the cybersecurity posture of the education sector. According to the report, the education sector is not prepared for the escalating cyber threat landscape. Both primary and higher education institutions typically rely on third-party vendors for IT services, cloud storage and software-as-a-service, which could open these education institutions up to risk as breaches within third-party vendors can go undetected. 

Intruding in education systems is easier for malicious actors due to limited resources and rising demands for modernization, which leave education institutions with mixed modern and legacy IT systems. This could compromise sensitive data on outdated and exploitable systems. 

The most prominent attack in the education sector is ransomware, while phishing was the most common technique to gain initial foothold. The most common email attachments to distribute malware were PDFs, HTML files and executables.  

The report emphasizes the value of security awareness training in the education sector. After a year or more of training, employee susceptibility to phishing attempts decreased from 33.4% to 3.9% in small educational institutions.