This post is also available in: heעברית (Hebrew)

According to a report by enterprise security company Proofpoint, universities in the United States are most at risk with the poorest levels of protection, followed by the United Kingdom, then Australia.

The report is based on an analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records at the schools. DMARC is a nearly decade-old email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination. None of the top universities in any of the countries had the required level of protection enabled, the report found.

“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare,” Proofpoint Executive Vice President for Cybersecurity Strategy Ryan Kalember said in a statement. “This, unfortunately, makes these institutions a highly attractive target for cybercriminals,” he continued.

“The pandemic and rapid shift to remote learning has further heightened the cybersecurity challenges for tertiary education institutions and opened them up to significant risks from malicious email-based cyberattacks, such as phishing.” Kalember concluded.

The constantly changing student population at universities, combined with a culture of openness and information-sharing, can conflict with the rules and controls often needed to effectively protect the users and systems from attack and compromise. Furthermore, many academic institutions have an associated health system, so they need to adhere to controls associated with a regulated industry.