Pandemic Shines Spotlight On University Cybersecurity

The Covid-19 pandemic required colleges and universities to shift their attention to online learning in an effort to minimize disruptions as well as keep students safe. While online learning is an important facet of education moving forward, it also comes with a host of new challenges. One of these is the risk of cyber-attacks, which is on the rise. Upon closer examination, there are several reasons why educational institutions are such lucrative targets for unscrupulous hackers.

One of the biggest draws for hackers is the large amounts of sensitive personal information that universities hold on staff and students. In the wrong hands, this type of information could be exploited by those with malicious intent. There are many ways in which stolen personal data can be monetized by criminals. These range from making loans and purchases using the information to holding the data ransom or selling it on the dark web. For example, a major cloud computing provider for Universities across the globe was targeted by a ransomware attack in 2020. This resulted in the loss of data that included information such as phone numbers, event attendance, and donation history.

Personal data is not the only draw for criminals when it comes to universities. The research data that are generated by universities are also prime targets for cybercrimes. The National Cyber Security Centre has revealed that universities are under threat from certain state-sponsored actors looking to gain strategic advantages by stealing data and information. Sensitive research and intellectual property are prime targets along with technical resources including documents and standards.

Even before the pandemic, the boundaries of universities extended far beyond the campus when it came to connectivity, which makes it difficult to safeguard against online vulnerabilities. Many highly connected universities also have legacy systems, which are prime targets for hackers. Unfortunately, high-tech methods are not even always required as seen with the case where university students were targeted with a phishing attack using fraudulent invoices. Also, since many students use their own devices to access university networks there is a large number of potential entry points for hackers to take advantage of. Another cause of concern is the availability of ransomware kits that are sold for relatively cheap on the dark web. Hackers can get their hands on these and use them to target universities in the hopes of an easy payout. For example, last year several colleges and universities fell victim to attacks using malicious software known as Netwalker. This is not just harmful to the reputation of the institutions involved, but students, staff, and faculty are often left unable to access the university learning management system or emails after a hack.

Most businesses and organizations of comparative size have dedicated cybersecurity resources, so it is going to be essential for universities to adopt similar approaches moving forward. It can be a big challenge, especially for public institutions struggling with limited budgets to invest in cybersecurity. It is often also impractical for them to perform the type of extensive cyber education with students that corporations invest in when training employees. Nevertheless, universities must shore up their digital security because online learning is going to be a huge part of education until the pandemic is under control.