State of Cyber Security in Higher Education

1 October 2025 by Catalyst

They say any publicity is good publicity but when it comes to data breaches, no organisation wants to be making headlines.

Globally, cyber threats surged by 47% in Q1 2025, with the education sector bearing the brunt. This is followed by government, telecommunications, and healthcare & medical sectors.

The data published by Check Point Software indicates that education / research are targeted with over 4,400 attacks per organisation every week – a staggering 73% increase from the previous year.

Source: Check Point Software

The PowerSchool cyberattack towards the end of December 2024, the data breach on University of Winnipeg on March 2024, and the ransomware attacks on Memorial University of Newfoundland, Grenfell Campus on December 2023 are some of the more notable examples in the education sector in Canada, especially as there were sensitive data stolen.

As more data breach stories pop up for universities, colleges, and education boards from all over the world, we can only wonder, how many more go unreported or undetected?

Six Reasons to feel secure with Catalyst IT Managed Service

Why is higher education a top target for cyber attacks?

There are several factors that contribute as to why education institutions are popular targets for cybercriminals:

  • Plenty of valuable personal student data. Higher education institutions store huge amounts of sensitive information, including health and financial details, which can be used for theft, fraud, and other malicious activities.
  • Limited budgets for cybersecurity and staff training. In the time of financial cuts, budgets may be restrained for updating cybersecurity measures and conducting institution-wide cybersecurity training.
  • Fragmented, decentralized IT systems, This may also mean that there are outdated, legacy hardware and software prevalent within institutions, which deem them vulnerable to malicious attacks.
  • Seasonality. Higher education institutions operate in a predictable calendar, including peak times. Cybercriminals tend to time their attacks during peak periods, expecting institutions will be distracted or overwhelmed. According to a recent report by CheckPoint Research, the education sector in North America was hit by cyber attacks 3,047 times on average per week.

Protecting your institution from cyberattacks

Unfortunately, malicious activity is common in the web. No organisation is 100% secure and information on the web will always be subject to cyber attacks. However, prevention will always be key. Here are some of our recommendations to help you safeguard your cybersecurity:

  • Invest in cybersecurity. This includes security infrastructures and ongoing education and training for faculty, staff, and students.
  • Have a plan and appropriate support in place for when things do go wrong, and make sure to review your security policies and procedures on a regular basis.
  • Conduct regular software updates. Software updates include new patches for vulnerabilities, bug fixes and performance optimisations, helping you protect your data and users.
  • Implement Single Sign On (SSO) and Multi-factor Authentication (MFA).
  • Host your sites in a secure cloud infrastructure where all the necessary updates, patches and backups are automated and orchestrated. Using an experienced hosting and IT managed services provider that specialises in complex enterprise level IT systems will be your best bet; ideally, with 24/7 support
Download Your Cyber Safety Checklist

How secure is Moodle?

Moodle LMS is developed through a ‘security-by-design’ approach and supported by their global security community. The software is continuously tested and monitored, and achieves all privacy compliance obligations. Moodle also provides education and ongoing communication flows to their users and partners.

It is important to note however, that the software is just one part of the equation here. How it is managed and the infrastructure architecture it’s hosted in are other very important elements which are often beyond the software product provider’s control.

Moodle Security Whitepaper

Why use a trusted certified Moodle partner?

While no one is 100% protected at all times, using a certified Moodle partner will definitely offer many benefits that will outweigh the costs, especially if you are dealing with a larger, more complex Moodle instance.

Catalyst IT has over 20 years of experience working with Moodle. As an ISO27001 certified partner, we can help optimise your LMS to achieve quality, efficiency and cost savings all at the same time. Not to mention the extra support, customisation options, spam protection, daily backups and priority access to new releases and security patches, which you will only get if you invest in a partnership with a trusted provider.

By leveraging our secure and highly optimised cloud infrastructure, and 24/7 support, you will be in the best position to have peace of mind and be able to focus on teaching, learning, as well as ongoing internal staff training and development.

If things do go wrong, those who have the right technical team behind them as well as 24/7 monitoring and support are always better off than those that don’t.

We are proud to be trusted by major universities, colleges and other education providers, as well as government offices and major organisations in the health, not-for-profit and commercial sectors.

Looking to improve your institution’s cybersecurity measures for your LMS?

Reach out to our team today!

Contact the Catalyst team today