The Growing Threat of Cyberattacks in Higher Education
The higher education (higher ed) sector has become an increasingly attractive target for cybercriminals, and the number of cyberattacks in this industry is on the rise. In fact, almost 64% of higher ed institutions experienced ransomware and cyberattacks in 2022, a significant increase from the 44% reported in 2021. These attacks have not only impacted the institutions themselves but have also exposed sensitive data and personal information of students and staff.
Third-Party Vendor Vulnerabilities
One of the main reasons behind the surge in cyberattacks on higher ed institutions is the vulnerabilities found at the third-party vendor level. Many data breaches have occurred through platforms hosting online learning systems, which are particularly susceptible to attacks. These breaches highlight the need for higher ed institutions to have robust third-party risk management (TPRM) programs in place to identify and mitigate potential risks before they become a problem.
Factors Contributing to Higher Ed Institutions as Prime Targets
There are several factors that make higher ed institutions attractive targets for cybercriminals:
1. Security Issues
A 2018 report by SecurityScorecard ranked the education sector last in cybersecurity among all industries surveyed. Most colleges, especially public ones, struggle to maintain adequate budgets for IT security, and this lack of resources leaves them vulnerable to cyberattacks. Additionally, many institutions lack formal TPRM programs, which further increases their susceptibility to attacks.
2. Open Networks and Multiple Apps
In higher ed institutions, it is common for different departments to purchase their own systems and apps without going through a central vetting process or security screening. This decentralized approach to technology procurement creates security gaps and makes it easier for cybercriminals to exploit vulnerabilities. While some security screenings may be conducted for cloud-based providers, other systems and apps often go unchecked.
3. Vulnerability of Students
Higher ed institutions welcome a new cohort of students each year, many of whom lack experience and knowledge in cybersecurity. This lack of awareness makes students easy targets for common hacking techniques such as phishing, social engineering, website spoofing, and password theft. Without comprehensive cyber education programs in place, it is challenging for institutions to adequately prepare their students to protect themselves online.
4. Unregulated Devices
College campuses are filled with unregulated devices, including laptops, desktops, phones, and tablets. While these devices offer convenience and flexibility, they also create new opportunities for hackers. Each unregulated device connecting to the network becomes a potential entry point for cybercriminals, increasing the overall risk for the institution.
5. Open Campuses
College campuses are known for their open and inclusive environments, but this openness also makes them vulnerable to various types of attacks. Social engineering, tailgating, and man-in-the-middle attacks can be easily carried out in such settings. Visitors can enter undetected, plant USB devices, intercept network traffic, or gain unauthorized access to labs and research areas.
Addressing the Cybersecurity Challenge in Higher Education
Given the increasing frequency and severity of cyberattacks on higher ed institutions, it is crucial for administrators to take proactive measures to strengthen their cybersecurity defenses. Here are some steps that can be taken:
1. Invest in IT Security
Higher ed institutions need to allocate adequate resources to IT security to protect their networks, systems, and data. This includes investing in robust firewalls, intrusion detection systems, and encryption technologies. Regular security audits and vulnerability assessments should also be conducted to identify and address any weaknesses.
2. Develop Formal TPRM Programs
Implementing formal third-party risk management programs can help institutions identify and assess the cybersecurity risks associated with their vendors and partners. This includes conducting thorough security screenings and ongoing monitoring of third-party systems and applications.
3. Provide Comprehensive Cyber Education
Higher ed institutions should prioritize cybersecurity education and awareness programs for both students and staff. This includes teaching best practices for password management, recognizing phishing attempts, and understanding the importance of data privacy. By empowering individuals with the knowledge to protect themselves, institutions can significantly reduce the risk of successful cyberattacks.
4. Implement Network Access Controls
Controlling access to the network is essential in preventing unauthorized devices from connecting and potentially compromising the system. Implementing network access controls, such as requiring device registration and authentication, can help mitigate the risk posed by unregulated devices.
5. Strengthen Physical Security Measures
Enhancing physical security measures on campuses can help prevent social engineering and physical attacks. This includes implementing access control systems, surveillance cameras, and security personnel to monitor and respond to suspicious activities.
Conclusion
Cyberattacks in the higher education sector are a growing concern, with institutions increasingly becoming prime targets for cybercriminals. The combination of security issues, open networks, vulnerable students, unregulated devices, and open campuses creates an environment ripe for exploitation. By investing in IT security, developing formal TPRM programs, providing comprehensive cyber education, implementing network access controls, and strengthening physical security measures, higher ed institutions can better protect themselves and their stakeholders from cyber threats.