Time for Universities to Teach Cybercriminals a Lesson

Short on time? Here's an overview:​

There is good reason for higher education’s appeal to intruders: There are vast stores of valuable information about students, staff, vendors, and alumni that intruders can monetize, and vital research data can be sold to shady nation states. A security talent shortage leaves higher education competing at a disadvantage with the private sector. The decentralized structure of the academic world enables disparate departments to invest in their own IT without the oversight of security professionals – creating shadow IT. Universities have a culture of sharing information within the university and other schools, governments, and private entities.

Learning the hard way

Thanks to cybercriminal intrusions that cost billions and disrupted university services and functioning, the higher education sector has learned the hard way about cybersecurity. However, the security techniques and technology that other sectors have deployed can be quickly adapted for university systems – and none too soon. For example, in Australia, the government prepares to enforce an “enhanced framework to uplift security and resilience” upon universities. Moreover, students, faculty, researchers, and IT professionals everywhere are increasingly sensitive to a university’s cybersecurity performance and making cybersecurity strength a firm competitive advantage.

Unsurprisingly, the COVID-19 pandemic exposed the higher education sector’s susceptibility to cybersecurity attacks. While the rush to virtual learning may have allowed for a massive increase in attacks, the truth is, cybercriminals have long been aware that higher education is a target-rich, insufficiently defended environment.

According to Comparitech, in July and August 2020, while all industries experienced a 6.5% increase in cybersecurity attacks, the increase was an alarming 30% for higher educational institutions.

A sizeable and urgent challenge

According to the FBI, online crimes reported to the Bureau's Internet Crime Complaint Center (IC3) have increased by 400% due to the pandemic, with as many as 4,000 incidents per day.

FBI’s Cyber Division warned in early March 2021 that criminals using malicious ransomware software are steadily targeting more education institutions and attempting to extort them.

And ransoms extracted are costly – almost half a million dollars in the case of the University of Utah, for example – to say nothing of the reputational cost. Even if there is no data lost, system downtime when responding to a suspected breach can vastly disrupt a university’s ability to deliver its services.

Information like educational records is one of the most sought-after data for cybercriminals and can fetch up to $265 on the black market.

Since 2016, cybersecurity attacks targeting the education sector have increased by fivefold. The switch to virtual learning environments due to the coronavirus pandemic has increased opportunities for hackers. In July 2021, the sector saw a 29% increase in attacks compared to July 2020.