Notifications
Clear all
Topic starter
27/06/2026 1:11 pm
TL;DR: Higher education is facing rising payloadless malware, business email compromise, and broader email attacks that target faculty, staff, students, and alumni, according to Abnormal AI. The governance gap is institutional, not departmental: identity and access controls must account for every population that can be used as an entry point or trust bridge.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should universities reduce business email compromise risk across mixed identity populations?
A: Universities should apply consistent verification and monitoring controls across faculty, staff, students, alumni, and contractors, because attackers use the weakest trusted identity to reach valuable targets.
Q: Why do higher education environments need institution-wide email protection?
A: Because identity trust in a university extends far beyond employees.
Practitioner guidance
- Map identity populations across the institution Document which controls apply to faculty, staff, students, alumni, and affiliated accounts, then identify where approval, recovery, and messaging protections differ.
- Harden verification for high-risk email requests Require out-of-band confirmation for payment, access, payroll, gift, and data-sharing requests, especially when the request crosses departments or comes from an unusual sender pattern.
- Review lifecycle exposure for transient identities Check how quickly student, alumni, and contractor identities lose access when status changes, and make sure forwarding, recovery, and delegated access do not outlive the legitimate relationship.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Live commentary from John Hoyt on the security pressures facing Clemson University and similar institutions
- Discussion of how threat actors are adapting email attacks across students, faculty, staff, and alumni
- Practical suggestions for doing more with less during tight budget cycles and staffing constraints
- CPE-eligible webinar format with the on-demand session available after registration
👉 Watch Abnormal AI's on-demand webinar on higher education email threats →
Higher education email threats: what IAM teams need to change?
Explore further
27/06/2026 2:25 pm
Higher education email defence fails when identity governance stops at the employee boundary. Universities do not operate with one identity population, and attackers know that the easiest route is often through the least protected but still trusted group. Faculty, students, alumni, and staff all participate in the same trust fabric, so a control model built only for employees leaves material gaps. Practitioners should treat campus identity as one risk surface, not several disconnected ones.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who should own email fraud response in a university?
A: Ownership should sit jointly with security, IAM, and business process owners because the compromise path crosses identity, messaging, and approval workflows. The immediate question is not only containment, but whether the same account could still be trusted to trigger payments, access changes, or data sharing.
👉 Read our full editorial: Higher education email threats expose institution-wide identity gaps
