Accelerated online learning environments and increasing rates of ransomware and phishing attacks against K-12 schools are creating unique cybersecurity challenges for the education sector, according to the September 2021 "AppSec Stats Flash" report from NTT, a Top 250 MSSP.
Key takeaways from the report included:
- Applications within the Education Sector Have a 57 Percent Window of Exposure (WoE) Rate: WoE represents the amount of time that an application has a serious vulnerability that can be exploited to data breaches, NTT stated. The education sector's WoE rate is improving, and this can be attributed to the fact that many schools are focused on fixing vulnerabilities within their web applications. Also, education has one of the best WoE rates (less than one month) across all sectors.
- Information Leakage Is the Most Common Vulnerability Among Schools: Information leakage ranked first in terms of vulnerability classes identified between June 1, 2021 and Sept. 1, 2021, followed by insufficient session expiration, cross site scripting, insufficient transport layer protection and content spoofing.
- On Average, It Takes Approximately 206 Days to Fix a Critical Vulnerability in Education: It takes an average school about 206 days to fix a critical vulnerability, NTT reported. In addition, the remediation rate for critical vulnerabilities is 34 percent; comparatively, this rate is 46 percent across all industries.
How Can Schools Guard Against Application Security Vulnerabilities?
Cybersecurity remains a top concern for organizations across the education sector, NTT indicated. But, there are many things that schools can do to guard against application security vulnerabilities, including:
- Track application security vulnerabilities.
- Educate their software teams to eradicate vulnerabilities from their applications.
- Monitor the average time to fix critical and high-severity vulnerabilities.
- Explore ways to improving WoE and the overall security posture of applications.
NTT Application Security Expertise
Naturally, NTT has expertise in the application security sector. The know-how arrived when NTT acquired WhiteHat Security in 2019. The acquired firm's expertise included static application security testing (SAST), dynamic application security testing (DAST) and software composition analysis (SCA).