Education Sector At Risk, Security Report Says

According to a recent report, education tops the list of industries most frequently targeted for security attacks, spelling big opportunity for VARs able to provide solutions that safeguard network infrastructures to schools and universities.

Of attacks against the education sector, .2 percent is targeted, according to the Symantec Internet Security Threat Report, released today, which provides an analysis of Internet-security activities and trends between Jan. 1 and June 30, 2005.

"While the percentage of targeted attacks looks very small, it's relative," says Dean Turner, executive editor of the report. Of the 12 million attacks detected against the sector, 27,000 were targeted. "They are less random, so someone is really interested in what [the industry] is doing and taking a poke around."

After education, industries subject to the highest percentage of targeted attacks included small business, financial services, local government and health care. Among the reasons that education topped the list, Turner says, are because of the sheer number of public terminals and easy access in. "Money is put into the computers, not the security," Turner says.

Also reported was the top attack detected by sensors deployed by government organizations, the Generic TCP Syn Flood Denial of Service Attack. The top attacked ports in the government sector were the TCP port 25 used for e-mail, and the TCP port 80 for the Web. Both are generally open to traffic through firewalls, according to the report, indicating that attackers are attempting to identify systems that are either poorly configured or inadequately patched.

That's where the private sector could help -- in education as well as state and local and even federal government. Not only do agencies and institutions need security solutions in place, they also need someone to properly implement them.

"There's a critical need for prevention," says Bob Breeden, special agent supervisor for the Florida Department of Law Enforcement's Computer Crime Center. The department mandated a cybersecurity workshop for employees, and the Secure Florida initiative sponsors seminars that seek to educate citizens and businesses. "I'm not sure law enforcement is even prepared to deal with these issues. I'm scared of what the future holds."