Cyber criminals are targeting educational institutions, especially colleges and universities. Thus far, 2016 alone has seen a reported 53 educational breaches, exposing as many as 366,196 records of students and staff. These stats are frightening, as they contend with 2015’s yearly total of 63 breaches in only six months.
One recent attacker demanded the University of Calgary pay a ransom of $20,000 in Bitcoin to decrypt files that had been infected by a virus on over 100 university computer systems. Because the university had not consistently backed up their data properly, they were forced to pay the ransom. Other universities that have made headlines with major breaches this year include: the University of California Berkeley, University of Central Florida, and Southern New Hampshire University.
‘Transient Nature’ Creates a Big Challenge
With so much private information about students and staff cycling through the computer systems of large institutions each year, you would think that online security in higher education would be a bigger priority. But the numbers of breach so far this year suggest otherwise. It’s not that universities neglect the possibility of breach or don’t care about it, but as Michael Borohovski told Bluefin, “they [probably just] don’t know it’s a problem or they’re simply not catching it in time. Despite the frequency of attacks, many schools just aren’t prepared to defend themselves.”
Henry Gass with The Christian Science Monitor commented on the challenge of defending large educational institutions against cybercrime when writing about the hack at UC Berkeley: “First, the transient nature of the student body means new devices are constantly entering and leaving the university system. The academic environment also typically encourages the free flow of information, leaving them more vulnerable to attack… The combination of large stores of important data… and often weak online defenses mean colleges and universities are attractive targets for hackers around the world.” Ultimately, with so many people sharing large quantities of important information all on one system, it can be difficult to promise the safety of every student or staff member in the system.
Why Higher Educational Institutions Are Targeted
Administrators in higher education take pride in the open and welcoming aspects of their networks. Fred Cate, from the Indiana University Center for Applied Cybersecurity Research told University Business, “We want our faculty and our students and our public and our donors to connect pretty easily to us.” The “academic environment” in higher education is a fruitful market for BYOD devices, the use of third-party services (like DropBox), and the transferring of information through less-secure devices (a thumbdrive). And, like Cate said, institutions invite anyone affiliated with that university access to its network.
So while these options are definitely convenient for users, it makes it harder for IT professionals to track and secure sensitive information across such a large array of communications and connection. Consequently, the likelihood for attackers to find holes in the system is much greater than if universities were to prioritize the protection of their networks with more secure protocol.
Steps Higher Education Institutions Need to Take to Increase Protection
The goal of any type of institution should be to prevent a breach. While education and awareness is the foundation towards greater protection on the web, educational institutions should heed the following three steps immediately to protect their networks from future breach:
- Secure institution websites with Secure Socket Layer (SSL) technology verified by a trusted Certificate Authority (CA). Using a SSL Certificate ensures that information transmitted through the website will be encrypted, and student and staff information will remain secure. However, it is important to note that SSL Certificates do not protect data at rest, so schools should also implement a secure way of storing information.
- Security administrators and analysts need to keep their school’s network up-to-date. One survey concluded that patching and vulnerability management are critical in breach protection because, according to the survey, more than 50% of attack vectors are related to the school’s ability to “patch its internal systems’ external-facing applications.”
- With these patches comes the education about current security trends and malware risk. IT professional’s need to educate students and staff about how to better protect their information and what to watch for in the event of breach. The more information known about current security trends online will make it much easier to fend off attack. The Hacker News is just one of many resources with regular updates about current threats.
Educational institutions can’t promise their systems will not be hacked, but they can take precautionary steps towards better security. Following these steps and educating students and staff about what to look for in an attempted attack will help keep breaches at bay.