In an era where cyber threats rapidly evolve worldwide and threat actors target organisations across multiple industries with sophisticated tactics, higher education has also become an increasingly vulnerable sector.  

Quorum Cyber’s latest report, published in August 2025, Relentless Threats: 2025 Mid-Year Global Cyber Risk Outlook, offers an insightful analysis of the changing dynamics of the global threat landscape and its implications for universities, colleges, and research institutions. 

Paul Caiazzo, Chief Threat Officer, says: “At Quorum Cyber, we believe effective defence starts with deep, continuous visibility into the evolving threat landscape. In our role at the intersection of intelligence, incident response, and counter extortion, we are uniquely positioned to observe how threat actors operate, adapt, and increasingly collaborate to amplify their impact.” 

Why is higher education at risk?  

Universities and colleges are a target for different reasons. Firstly, they hold vast amounts of sensitive data, from student records to cutting-edge research and intellectual property (IP). Academic institutions also tend to be open and collaborative environments, often lacking the strict controls usually implemented by corporate networks.  

Many students and researchers know how to bypass security polices, and they commonly use their own devices and access systems from all over the world at any time of the day or night.   

Cybercriminal groups such as Codefinger, which exploited Amazon Web Services (AWS) features to encrypt cloud data, are increasingly attacking the cloud-native infrastructure used by the higher education sector 

Quorum Cyber’s report highlights how ransomware groups are innovating not just technically, but tactically. Criminal groups such as Qilin and DragonForce are pushing the boundaries of extortion with AI negotiation bots, legal harassment services, and call centres, creating a new method called “quadruple extortion” that targets regulatory, reputational, and customer trust vectors. 

A threat landscape in overdrive 

The first half of 2025 saw the emergence of over 70 new threat groups and Malware-as-a-Service (MaaS) offerings, as investigated by Quorum Cyber’s Threat Intelligence team. The high volume of new cyber-attacks demonstrates the steady and quick progression of cybercriminal innovation.  

Affiliate models, franchising, and white-label ransomware services now mirror legitimate enterprise software operations, lowering the barrier to entry and enabling low-skilled actors to launch high-impact attacks.  

For higher education institutions, this means that there are a growing number of adversaries using a wide range of techniques to target vulnerable systems. 

With a 53% rise in initial ransom demands since 2022. For higher education, where budgets are often constrained and reputational damage can be severe, this trend underscores the need for tailored, proactive defence strategies. 

Building resilience in academia: Key recommendations for 2025 

In response to the evolving threat landscape, including cloud weaponisation, RaaS innovation, and aggressive extortion tactics, institutions must adopt robust security practices. The report offers practical steps to strengthen cyber resilience across the following areas:  

• Ransomware and Social Engineering 

• Vulnerability Management 

• Cloud Hardening 

• System Resilience 

• Credential and Access Security  
• Browser and MFA Hygiene. 

What’s next? 

Higher education institutions must recognise that cyber threats are no longer isolated incidents. They are becoming part of a dynamic and service-driven ecosystem. Defending against this ecosystem requires agility, collaboration, and training, as well as a deep understanding of adversary innovation. 

The 2025 Mid-Year Global Cyber Risk Outlook explores the evolving tactics and threats the industry has faced over the past six months. It offers key insights to help you learn from recent developments and strengthen your defences moving forward. 

Contact us today to chat with our experts and see how you can receive tailored support to strengthen your security posture.  

In the meantime, you can read the practical tips suggested by the Threat Intelligence team by downloading your free copy of the report.