Colleges and Universities are Prime Cyberattack Targets

Cyberattack Target

Cutting edge research has made Higher Education a prime target.

The combination of employee and student personal and financial information, confidential data such as medical records, and commercially desirable research combined with the cultural openness of higher education has made Colleges and Universities prime targets.

The type of attack has also changed significantly. Lone wolf hackers creating nuisance viruses have been replaced by sophisticated foreign governments and organized crime rings.

In 2014, security breaches that involved the education sector trailed only the healthcare and retail sectors, according to Symantec’s 2015 Internet Security Threat report.

Higher Education is particularly hard to protect because, in contrast to corporations, higher education computer networks must allow for more open access to employees and students.

Attack Threats

  • Research
    Expensive, cutting edge research is a prime target.
  • Phishing -
    Using social engineering to trick someone into giving out usernames, passwords, bank account numbers or other sensitive information.
  • Spear phishing
    Advanced phishing using Facebook, LinkedIn or other means to get specific information on an individual to create an email that is specific for them.
  • Operating systems and software that are not updated.
  • Using a University’s powerful computers to launch even bigger attacks or to send out phishing or spam emails.
  • Hardware
    All types of tablets and cell phones are connecting to systems with no control over their software updates. Cell phones are the least secure devices and “jailbreaking” them makes the phone even less secure.

Possible Solutions

  • Educating all employees and students - 
    Most attacks are now implemented by social engineering. You are the target!
  • Strong passwords
    This cannot be emphasized enough. This is the gateway to the University systems.
  • Multi-layer security
    Firewalls, anti-virus, and anti-malware software.
  • Encryption -
    Encryption makes your data unreadable without a key. The most sensitive data especially needs to be protected.
  • Multi-factor authentication
    Also known as two-factor authentication, is an extra layer of security to your account that requires something you know (a username and password) and something you have (a code sent to your phone).
  • Backup data
    If attacked by ransomware, this is the only way to get data back without paying the ransom and paying the ransom does not guarantee access to the data.
  • Limit which employees can access sensitive data.