Education sector sees rising security concerns

September 21, 2021

NTT Application Security has released Volume 9 of its monthly AppSec Stats Flash report.

Each month, the AppSec Stats Flash reflects on the evolving threat landscape, tracks key AppSec metrics on an ongoing basis and brings forward key actionable takeaways for security and development teams responsible for the applications that run their business.

This month, the NTT Application Security research team focused on cyberthreats targeting education applications as security concerns in that sector continue to grow. Accelerated online learning environments due to the pandemic and considerable rates of ransomware and phishing attacks against K-12 schools have increased focus on these organizations' unique cybersecurity challenges.

Key findings from AppSec Stats Flash Volume 9 include:

Although the education sector's breach exposure has remained relatively consistent this year, it's taking longer to fix high severity vulnerabilities compared to other industries (206 days vs. 201 days).
Applications within the education sector show an increased Window of Exposure (WoE) rate, rising to 57% in August from 53% last month.
53% of applications in the education sector have at least one critical vulnerability exploitable throughout the year. However, 34% of these applications have a Window of Exposure of less than one month. This means that severe vulnerabilities in 34% of applications in the sector get addressed within one month.

"The application security statistics for the education sector indicate a hyper-focus among organizations in this sector on a handful of critical web applications and fixing a handful of critical vulnerabilities in those applications. The approach seems to be working given the otherwise stable WoE metrics that are now, in fact, improving," said Setu Kulkarni, Vice President, Strategy, at NTT Application Security. "To accelerate the improvement in the education sector's overall application security posture, organizations in the sector should expand their approach to identify their overall attack surface and put in place a systematic program that progressively covers all applications. In addition, educational institutes should provide best-practice training to students to remain safe on the internet regardless of the state of the application security of the apps they interact with daily. Finally, educational institutions should demand that software as a service (SaaS) and non-SaaS products they use in a commercial off-the-shelf manner have been through rigorous AppSec programs."

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Security Operations Centers (SOCs) are a crucial component of safety and security culture. They support many strategic business objectives, from lowering costs and minimizing risk to improving employee trust and morale.

Poll

Business Travel Security

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Education sector sees rising security concerns

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Education sector sees rising security concerns

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.