Higher Education and Cybersecurity
“Back to School” season is in full swing! As students, educators, and administrators return to their respective institutions, it’s worth knowing that the prioritization of cybersecurity is just as crucial to the higher education space as it is to other industries.
In recent years, colleges and universities have increasingly found themselves the targets of cyber criminals. According to a recent survey, 53% of higher education organizations suffered a cyber attack, up from 44% the year before. The complexity and impact of these cyber attacks have also increased by 50%. (Sophos) https://assets.sophos.com/X24WTUEQ/at/pgvqxjrfq4kf7njrncc7b9jp/sophos-state-of-ransomware-education-2022-wp.pdf
Successful cyber attacks have forced institutions to halt research programs, recover hacked student or employee data, pay ransom fees to recover stolen data or stop malware from infecting their entire system. In some rare cases, some institutions have had to close their doors entirely due to a damaging and costly cyber-attack.
With that in mind, we will explore specific ways higher education institutions experience cyber crime and how they can strengthen their overall digital security.
Most Common Cyber Crimes Faced by Higher Education Institutions
Colleges and universities are popular targets for cybercriminals. These organizations, especially large universities, contain extremely valuable data across various departments and branches.
The most valuable data hackers seek to either steal or ransom are research data, student/employee data, and financial data.
Research data is often the most sought-after and potentially most lucrative data for cyber criminals. Many universities are engaged in sensitive research projects that can lead to healthcare, technology, and policy breakthroughs. A recent survey found that 74% of universities have had to halt valuable research projects due to a cyberattack.
Hackers will try to steal data that they can sell to a third-party, including to another government, or they will “lock” the data and demand a ransom for its release. In 2020, the University of California – San Francisco paid a cyber gang over $1 million for the return of data being used to create a Covid-19 vaccine. https://www.bbc.com/news/technology-53214783
Student and employee data is another prime target. This data is especially popular to steal as criminals then sell the data. They may also conduct cyber attacks on students’ or employees’ private accounts in the hopes they can use the same credentials across platforms. The FBI recently warned colleges and universities that stolen student and employee data is being sold on the dark web. https://thecollegepost.com/stolen-university-information-forum/
Financial data is also a popular target. This includes customer transaction records, membership information, enrollment figures, and more. The impact can be devastating when a university discovers this kind of data has either been stolen or compromised.
That is what happened to Illinois’ historically Black Institution Lincoln College which had to close after 157 years of operation. This cyber attack prohibited the school from accessing recruitment, retention, and fundraising data needed to continue operations. https://thecollegepost.com/lincoln-college-permanently-closes/
Challenges Facing Higher Education Cyber Security
Even if a higher education institution has a robust digital security plan in place, the very collaborative nature of the education environment poses its own challenges.
Whether they work or study at the same or different universities, students and educators are open to sharing data and information with colleagues and peers at other institutions. This can make it challenging to ensure data is kept secure when openness and collaboration are encouraged.
Even if a university mandates specific processes when accessing data, there are no guarantees that university professionals and faculty will adhere to those processes. Some university professionals, by nature, often distrust system-wide rules and prefer to do things, like accessing data, on their own terms. https://talion.net/blog/6-unique-cyber-security-challenges-in-higher-education/
Finally, many schools have limited cyber security budgets. Despite the growing reliance on digital data, institutions often regulate cyber security to the IT budget and are not a priority for the entire organization. That view is changing though, in some states. Recently, California planned to allocate $100 million to improve its community colleges’ cybersecurity.
Ways to Improve Higher Education Cyber Security
Here are some helpful suggestions to help improve their digital security.
Conduct Regular Security Assessments: With institutions and campuses often having a wide range of technology available on site, it creates a broader field for hackers to target. Higher education IT leaders should work with internal teams and external vendors to determine what weak points exist in their networks.
Adopt a Threat Hunting Philosophy: Thinking that an organization’s system is secure because nothing overtly wrong is happening leads to a false sense of security. Instead, cyber security teams should work as if their system is already compromised and seek out the potential harmful activity. Being actively engaged will help sharpen the cyber teams’ skills and prepare them and their networks for the next large-scale attack.
Reinforce Endpoint Security Mechanisms: More students, teachers, and employees are either studying or working remotely. That can result in sensitive university data being accessed on a less secure personal computer or device. Advanced endpoint protection technologies can monitor for potential threats, both incoming and external, and defend against attacks wherever they occur.
Reinforce Endpoint Security Mechanisms: More students, teachers, and employees are either studying or working remotely. That can result in sensitive university data being accessed on a less secure personal computer or device. Advanced endpoint protection technologies can monitor for potential threats, both incoming and external, and defend against attacks wherever they occur. https://edtechmagazine.com/higher/article/2021/09/proactive-approach-avoiding-zero-day-attacks-higher-education
With higher education institutions facing cyber attacks almost daily, each organization must frequently assess its current digital strategy and take a proactive approach to monitor and stop future attacks. Doing so will ensure that the institution will maintain a safe and vibrant learning environment for students and teachers.
Does your school or institution need guidance or additional support for cybersecurity? Reach out to J5 Consulting and connect with our team of IT experts.