With each passing day, bad actors are conceiving new ways to infiltrate businesses, industries and government entities - with the goal of infecting their data and systems with ransomware or stealing vital data. While businesses large and small and government offices from the federal, state, county and local levels have all seen their share of nefarious and costly ransomware attacks, more than ever cybercriminals are pinpointing higher education as a prime target, exploiting vulnerabilities and inflicting serious harm on the targeted entities.
The speed and breadth of the pandemic wreaked havoc on IT managers in the higher education space. While ransomware has been the dominant method of cyberattack since 2020, cybercriminals are broadening their efforts to infiltrate college and university IT systems. The recent MOVEit hack targeted universities as well as government offices around the globe. Malware attacks skyrocketed at colleges and universities as the pandemic tightened its grip, while phishing attacks targeting higher education have remained fairly constant, although they've been more insidious and sophisticated.
Experts point out that efforts by higher education IT managers and administrators to digitize instruction for remote learning have opened the door to cybercriminals to exploit vulnerabilities. Sophisticated email attacks targeting students, faculty and administrators, coupled with relying on outdated technology, are dual culprits in the onslaught on colleges and universities. In fact, ransomware attacks have been so costly at some institutions that they've had to shut down. Lincoln College in Southington, Connecticut, was forced to close in 2022 after a particularly virulent ransomware attack. With so much data being stored digitally, higher education is an easy target for infiltrators, and a real headache for IT managers working overtime to prevent data breaches.
Weaknesses in higher education IT systems along with increasingly savvy SQL (structured query language) attacks are also an invitation to cybercriminals. Portals that invite students to engage online for academic or administrative purposes are also hijacked by bad actors, who in turn use them to infiltrate systems. Criminals employ automated tools to launch 'credential stuffing' attacks that use compromised username or password combinations to break into systems, access research, and hold data for ransom.
Cyberattacks in the higher education environment are not victimless crimes: A 2021 report from the Center for Digital Education points out that data breaches add $250 to the cost of a student's education. Officials strongly recommend that college and university IT departments conduct regular vulnerability assessments to ascertain areas that need added protection against outside intrusion. And annual information security awareness training is also recommended to shield college and university IT departments from ransomware, phishing, and other cyberattacks.
While governments at all levels have come to include cybersecurity in their budgets, that's not always the case in higher education. In fact, with costs rising and enrollment numbers falling, affording effective cybersecurity can seem out of reach for some smaller institutions.
GovNet has particular expertise in working to secure IT systems and protect data at colleges, universities and government organizations. Contact GovNet today for a free consultation.