Skip to content
DMARC analysis by Proofpoint shows that US institutions have among some of the worst protections to prevent domain spoofing, & lack protections to block fraudulent emails.
They lack security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found.
Top 10 Universities
97% of the top 10 universities in the US, the UK & Australia are allowing students, staff & administration higher risks of email-based impersonation, & other attacks, because their systems lack basic security, according to new research from Proofpoint, revealed Tues.
Also, US institutions are the ‘worst offenders,’ with some of the poorest levels of cyber-security protection, researchers found.
This news is worrying, especially as email remains the most common route for security compromises across all industries, observed Ryan Kalember, Executive VP of Cyber-Security Strategy at Proofpoint, in a statement. In addition, the frequency, sophistication, & cost of cyber-attacks against universities has increased in recent years, he stated.
Major Target
“It’s the combination of these factors that make it especially concerning that the premier universities in the US are currently the most vulnerable to attack,” Kalember noted.
Universities & other institutions of higher education store “masses of sensitive personal & financial data, perhaps more so than any industry outside healthcare,” he outlined.
This, unfortunately, makes them a major target for cyber-criminals, who currently have an easy pathway to attack due to lack of email protections, he explained.
Lacking Email Protection
Among universities in the US, Proofpoint looked at Columbia, Harvard, Princeton, Yale & Stanford universities, the Universities of California Berkeley & Los Angeles, the University of Pennsylvania, Massachusetts Institute of Technology (MIT) & New York University.
Researchers used Domain-based Message Authentication, Reporting & Conformance (DMARC) analysis of these universities as well as the top 10 in the UK & Australia to make their assessment.
DMARC is an ‘email validation protocol’ aimed at protecting domain names from being misused by cyber-criminals by authenticating the sender’s identity before sending a message to its intended destination, researchers noted.
Impersonating
This misuse can occur in cyber-criminals impersonating an authentic body by what is called “spoofing” its domain, which leads a recipient of an email to think it is legitimate when not.
DMARC has 3 levels of protection: monitor, quarantine & reject; the last is the most secure for preventing suspicious emails from reaching the inbox. Proofpoint found that none of the top US & UK universities had a Reject policy in place that can actively block malicious emails from reaching their targets, leaving users of their email systems open to email fraud.
Did Not Publish
While 65% of the top US & UK universities — or 13 out of 20–did have a base level of DMARC protection to either monitor or quarantine emails, 5 of the top 10 US universities did not publish any level of DMARC record, researchers found.
More specifically, 11 out of the 20 institutions investigated in the US & UK have a Monitor policy in place, while only 2 have a Quarantine policy in place, they outlined. Across all the 30 universities observed, 17 of them (57%) implemented at least a Monitor policy, while 4 of them (13%) had at least a Quarantine policy, according to Proofpoint.
Universities in the Crosshairs
Educational facilities have never been at the ‘top end’ of security, & new protocols such as remote classes held over the Zoom video platform & others put in place during the COVID-19 pandemic have only worsened the situation.
With this new shift to remote learning & a hybrid model of in-person & online courses going forward, cyber-attacks against universities will continue to increase, researchers warned.
Exploiting human error through socially engineered malicious emails is ‘easy pickings’ for cyber-criminals, especially when there is no barrier to block these suspicious emails from reaching inbox of unsuspecting victims, according to Proofpoint.
Worse Attacks
Also, email is often a gateway for worse attacks. One type of attack that can initiate as an email-related breach is ransomware, which has become a major issue at universities in recent years.
One 157-year-old college–Illinois-based Lincoln College–even closed its doors recently due to a combination of pressures from the pandemic & a ransomware attack that pushed it to its breaking point.
A major issue that Proofpoint uncovered in its recent Voice of the CISO report is that CIOs in the education sector are feeling ‘neglected’ by their respective organisations, without the support to implement security protections that could block the institutions from common threats, such as malicious emails, Kalember noted.
Exposed to Threats
Without this support in the future, & without employing DMARC protections that can block malicious emails before they reach a person’s inbox—users will continue to get exposed to threats that can easily be avoided, he stated.
“People are a ‘critical line of defence’ against email fraud but remain one of the biggest vulnerabilities for organisations,” Kalember outlined. “When fully compliant with DMARC, a malicious email can’t reach your inbox, removing the risk of human interference.”
