In the US alone, over 28.6 million records have been leaked since 2005 in 1,851 security breaches in educational institutions according to a report in December 2021. Colleges and universities collect and store massive amounts of data on students and faculty, making them a convenient target for data breaches.
Attacks on schools rose significantly during the pandemic, with students and staff accessing the networks remotely. The widely publicized ransomware attack on the University of California, San Francisco is only one of several attacks carried out on educational institutions during the pandemic.
Even now, with many universities adopting a hybrid model for education, the threat continues.
What are the cybersecurity threats universities face?
Here are the most common cybersecurity threats for schools, universities, and other educational institutions.
Phishing attacks are very common and unsuspecting users are easy bait. They are carried out through emails or web pages that are designed to trick a user into entering sensitive information such as passwords or credit card information.
Typically, a user receives an official-looking email that asks for some information. Users are redirected to a spoofed URL that asks for sensitive information. Credential theft is just the beginning, and the phishing attack can quickly escalate to a serious issue where the entire system or network can be infected by a virus.
Phishing attacks can also involve a fake email that tricks users into downloading malicious software which can potentially infect the system and expose data to the attackers.
In a ransomware attack, the hackers either fool users into downloading ransomware or, once they have stolen a user's credentials, use them to download malicious software and gain access to the school's data.
Students using the school network to get help for their assignments are often targeted by hackers. Once the attackers gain access to the data, they demand exorbitant amounts of money as ransom from the university to give access back to the school. This is what happened at UCSF back in 2020.
The FBI reported an increase in PYSA ransomware attacks targeting schools and colleges in 12 states in the US since March 2020.
SQL injection exploits vulnerabilities in an application's underlying code. For example, when the attacker goes to the login page for a university, they can use an SQL injection to bypass the need to enter a password and gain access to the network. Once in, they can delete or alter information and take control of the network.
In February 2017, a group of hackers launched an SQL injection attack on several higher education institutes including New York University. SQL injections are common where the networks have weak security.
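The login bypass described above arises when a query is built by string concatenation. This added example (not part of the original article) contrasts that pattern with a parameterized query using Python's sqlite3 module; the table, column and account names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: the verifier strings stand in for salted password hashes.
ACCOUNTS = [("student1", "verifier-aaa"), ("o'brien", "verifier-bbb")]

def make_db():
    """Build an in-memory users table holding the constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, verifier TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ACCOUNTS)
    return db

def login_vulnerable(db, username, verifier):
    # BEFORE: input is concatenated into the SQL text, so a quote character
    # in either field changes the structure of the WHERE clause.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND verifier = '" + verifier + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, verifier):
    # AFTER: placeholders keep input as data; the statement text is fixed.
    sql = "SELECT 1 FROM users WHERE username = ? AND verifier = ?"
    return db.execute(sql, (username, verifier)).fetchone() is not None

def compare(username, verifier):
    """Return (vulnerable_result, parameterized_result) for one login attempt."""
    db = make_db()
    try:
        weak = login_vulnerable(db, username, verifier)
    except sqlite3.Error:
        weak = "error"  # the concatenation produced malformed SQL
    return weak, login_parameterized(db, username, verifier)

if __name__ == "__main__":
    quoted_input = "' OR '1'='1"  # constructed input containing quote characters
    print(compare("student1", "verifier-aaa"))  # valid login
    print(compare("student1", quoted_input))    # no valid verifier supplied
    print(compare("o'brien", "verifier-bbb"))   # legitimate name with an apostrophe
```

The concatenated version both accepts a login without a valid verifier and fails on a legitimate username containing an apostrophe; the parameterized version handles both inputs correctly.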
Most universities have their blog pages or open forums. When these web pages are not effectively monitored, they become an easy target for hackers to post malicious links in comments.
Of course, when students or faculty members click on these links, they invite a cyber attack on the college network. However, a badly managed blog page is also a signal to the hackers that your network security is low. It can potentially lead to more malicious activity by hackers.
DDoS (Distributed Denial of Service) attacks on educational institutes have also increased during the pandemic. These attacks typically make the systems inaccessible for the intended users, thus effectively denying service to the users.
A recent incident was when a hacker in Florida used a DDoS attack on a school network in Miami. The attack caused a major shutdown and virtual classes could not be held for three days.
What measures should universities take to strengthen cybersecurity?
Despite the rising threat of cyber attacks, top colleges and universities are not taking enough measures to protect their networks. According to a 2018 study, education was the least secure sector among 17 major industries.
Here are some of the important security measures that educational institutions should adopt to reduce the risk of cyber attacks.
Create a data protection plan.
Colleges and universities are vulnerable to data threats because they hold enormous amounts of data on students and staff, including personal, financial, and medical data. The first step in safeguarding the data is to take stock of all the information and review the access levels for this information.
Once this is done, the next step is to identify the stakeholders and resources for ensuring data privacy. Control and limit access to sensitive data and create a comprehensive data protection plan that is in line with the institution’s requirements.
Monitor networks and systems.
Regular monitoring of network devices, software, portals, etc. for suspicious activities can help alert against a potential attack. This will also help identify system vulnerabilities so that they can be fixed in time.
Regular risk assessments and reviewing of the data protection plan accordingly can go a long way in securing the systems.
Get experts on board.
Having dedicated personnel for taking responsibility for cybersecurity certainly helps. In addition to having a strong team of cybersecurity experts, you can also consider appointing a Chief Information Security Officer to oversee the security measures and plan cybersecurity strategies.
Have a response plan for cyber attacks.
When a cyberattack occurs, swift action to identify and contain damage is necessary. For this, you need a plan in place to respond to an attack and also carry out disaster recovery. This includes a plan for data backup and creating a response team to come into action at the slightest hint of a threat.
Revisit vendor contracts.
Many colleges and universities deal with third-party vendors for managing their IT infrastructure. Always choose reliable vendors and review contract information ensuring that it has the requisite data protection clauses.
Get a cyber insurance policy.
A cyber insurance policy will cover at least some part of the financial losses resulting from a cyberattack. However, pay attention to the caveats in the insurance coverage to understand what is covered and what is not. Once you get a cyber insurance policy, review it annually to see if there is a provision to alter the insurance cover in line with the change in the security risks.
Invest in tools and software for cybersecurity.
Get spam filters for websites as well as email to reduce the chances of phishing attacks. Also, invest in malware and ransomware protection software and install a firewall to protect your network and systems.
How to involve users in your cybersecurity measures?
By far, the most common risk to cybersecurity is human mistakes. This calls for educating users about the threat and helping them become more aware and vigilant. Here are some tips to help students, faculty, and staff members avoid making mistakes and inviting cyber threats.
- Apprise the staff of the consequences of a cyberattack and instill accountability.
- Use filters to block websites that are not relevant to the educational institution, such as several social media platforms, to reduce interaction with external networks.
- Educate all users to be vigilant against unknown links. Reinforce this through regular training, refresher sessions, and reminders.
- Build a system where the users can report any suspicious activity. Have a pre-defined escalation system in place.
- Have a secure and exclusive communication channel for priority messages. This can help alert all users in case of a cyber threat.
- Build an online repository of information on cybersecurity and encourage all users to refer to the repository from time to time.
- A cyberattack drill is a great way to gauge whether the efforts taken to educate the users have worked. This can be done by simulating a phishing attack and monitoring which users fall prey.
According to security rating company SecurityScorecard, higher education institutions are prime targets for cyberattacks. These attacks can cause heavy financial losses. But even more significant than the financial loss is the fact that cyberattacks can dent an institute's reputation and pose a serious risk to its students and faculty by exposing their data. Cyberattacks can also cause extended system downtime, hampering regular operations. Given these risks, it is best to stay prepared and take all precautions.