Colleges and universities tend to attract hackers like honey attracts flies, but there are some steps IT leaders can take to batten down the hatches.
Having been in touch with the network and computer security team at Columbia University for the last 20 years, it is safe to say that if you are at an institution of higher education, the bad guys are gunning for you. In fact, some of the institutions have become excellent targets. Here are some of the main reasons that make colleges attractive to hackers:
- Personal Data
Schools have students – often lots of them – and with those students comes Personally Identifiable Information (PII). We collect social security numbers, passport data, credit card numbers and a host of other personal information, all of which is just what hackers want.
- Lax Security Posture
If you peruse security journals, you will often see articles detailing that colleges do not practice good security hygiene. Whether this is true or not, it gives hackers the idea that universities are easy targets. On an average day, approximately 500 unique IP addresses are scanning the Columbia network, with over 10 million scans. They are looking for misconfigured systems or accounts with simple passwords.
- Schools Have Valuable Information
The libraries at Columbia spend millions of dollars a year on subscriptions to various journals and services. If bad guys can get hold of a student account, they can download this information and sell it, especially in countries that do not have access to these types of data feeds.
- A School Email Address is Very Valuable
Nowadays, pretty much every email system has some form of anti-spam system set up to filter out the amazing volume of junk email. These systems work by looking at the characteristics of the incoming mail (we look at over 8000 different things) and then using a formula to decide if the mail should be delivered. The right set of characteristics can make the mail less likely to be filtered, and it turns out that one of the best measures of goodness is whether or not the mail comes from an .edu email address. Bad guys love to get hold of a valid student email address, as they can use it to send out spam that is almost guaranteed to get delivered.
- Research Universities Have Research Data
This is kind of obvious. This data is valuable to companies, both foreign and domestic, and can translate into a very large financial loss if stolen. Protecting this type of data is extremely hard: because the researchers own it, it is often not held on the central systems.
Colleges and universities are a data gold mine for cybercriminals.
Over the last year, nearly 56% of universities have seen an increase in phishing attacks. Higher education is a popular target for phishing scams. Cyberattacks on these institutions have resulted in the exposure of over 1.3 million identities. The threat is so serious that it will continue to run rampant in the future.
Why do hackers target higher education?
Colleges and universities are a data gold mine for cybercriminals. Various sensitive information like personal data, confidential research information and intellectual property belonging to students, faculty, and staff make it a one-stop-shop for everything cybercriminals crave.
This personally identifiable information includes a variety of data such as social security numbers, financial information and more. Bad actors can misuse them for identity theft or scams.
Secret information from ongoing research can also be stolen and sold to foreign entities.
University libraries have exclusive access to hundreds and sometimes thousands of journals and publications. Some of these journals include valuable information related to people or devices that can cost the targeted organization if it is sold to an interested party illegally.
How do attackers snoop into universities?
Thousands of users – many of them students who are unaware of cyber threats – make the network incredibly easy to break into via phishing scams.
Moreover, most of the students use their own devices like personal laptops and cell phones, which is like creating your own information security nightmare if proper precautions are not applied. A survey from EdTech revealed that three in ten data breaches at colleges occur due to unintentional disclosure of sensitive information via phishing scams or the misuse of social media.
Lately, ransomware has been a particularly popular method to launch attacks against universities and colleges. This is one of the attack techniques from which threat actors can generate revenue.
Some Steps to Improve Institutional Security
One of the first things recommended is single sign-on with multi-factor authentication (MFA). Using passwords as the only protection against compromise is, in my mind, akin to an open-door policy for infiltration. The least common denominator for system access is people, and depending on a simple password, regardless of length or complexity, is an invitation to disaster. In this case, “simple” does not refer to the makeup of the password, but to the fact that it is the only thing between you and your data.
Encryption is an excellent way to prevent stolen data from becoming a security breach; however, it depends on understanding how it works and using the proper form in the right place. Full disk encryption, the type used on hard drives and mobile devices, will prevent data from being misused only if the device was turned off when it was stolen. It will not help if your computer is hacked while it is up and running. To protect data on an active system, you must use field encryption or data masking. This is a much more complicated process, as it requires the application to understand the altered data.
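A sketch of the data-masking case described above, added here as an illustration and not taken from any Columbia system: the stored row carries a keyed token and a display mask instead of the social security number, and the application has to tokenize its own queries to keep working. The key, field names and sample rows are constructed, and keyed HMAC tokenization is one masking technique chosen for the example.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption): a real key lives in a KMS/HSM, never beside the data.
MASKING_KEY = b"constructed-demo-key"
SSN_RE = re.compile(r"^\d{3}-?\d{2}-?\d{4}$")


def normalize_ssn(ssn):
    """Validate and strip separators so equal SSNs always produce the same token."""
    ssn = ssn.strip()
    if not SSN_RE.match(ssn):
        raise ValueError("not an SSN-shaped value")
    return ssn.replace("-", "")


def tokenize(ssn, key=MASKING_KEY):
    """Keyed, deterministic token: supports equality lookups; cannot be brute-forced without the key."""
    return hmac.new(key, normalize_ssn(ssn).encode(), hashlib.sha256).hexdigest()


def mask_record(record, key=MASKING_KEY):
    """Build the row that is actually stored: SSN replaced by a token and a display mask."""
    stored = {k: v for k, v in record.items() if k != "ssn"}
    stored["ssn_token"] = tokenize(record["ssn"], key)
    stored["ssn_display"] = "***-**-" + normalize_ssn(record["ssn"])[-4:]
    return stored


def find_by_ssn(table, ssn, key=MASKING_KEY):
    """The application must tokenize the query too: the extra work field-level masking costs."""
    wanted = tokenize(ssn, key)
    return [row for row in table if hmac.compare_digest(row["ssn_token"], wanted)]


# Constructed sample rows (area number 000 is never issued, so these are not real SSNs).
STUDENTS = [
    {"uni": "ab1234", "name": "Student A", "ssn": "000-12-3456"},
    {"uni": "cd5678", "name": "Student B", "ssn": "000-98-7654"},
]
TABLE = [mask_record(r) for r in STUDENTS]

if __name__ == "__main__":
    print(TABLE[0])                         # what a dump of the running system contains
    print(find_by_ssn(TABLE, "000987654"))  # what the application can still do
```

Because the SSN space is small, the token only protects the value while the key stays out of reach of whoever copies the table.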
Research data is the most complicated to protect, since it is often dispersed throughout the campus and not usually under the control of the central IT organization. It is also often hard to tell the difference between a legitimate sharing of data and the exfiltration of stolen data. One way to detect data that has been stolen is through software that allows you to track where your documents are being opened. You can even block the documents from opening if they are outside a specified geofence.
Mail filtering should be applied to both incoming and outgoing mail, since spam in outgoing mail is a good indication of a compromised account. Prefer a system that is highly configurable, especially for the elimination of targeted phishing attacks.
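The outgoing-mail signal can be turned into a simple check, shown here as an added example rather than the logic of any particular mail product. The log format, account names and both thresholds are assumptions made up for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed log lines in a made-up format (assumption): time, account, recipients, verdict.
SAMPLE_LOG = """\
2024-03-04T09:02:11 auth=ab1234 rcpts=1 verdict=clean
2024-03-04T09:15:40 auth=cd5678 rcpts=2 verdict=clean
2024-03-04T09:31:05 auth=ab1234 rcpts=480 verdict=spam
2024-03-04T09:33:52 auth=ab1234 rcpts=495 verdict=spam
2024-03-04T09:40:19 auth=ab1234 rcpts=3 verdict=clean
2024-03-04T10:05:00 auth=cd5678 rcpts=40 verdict=clean
garbled line that should be skipped
"""


def parse_line(line):
    """Return (timestamp, account, recipient_count, verdict), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, fields["auth"], int(fields["rcpts"]), fields["verdict"]
    except (ValueError, KeyError):
        return None


def suspicious_senders(log_text, max_rcpts_per_hour=200, max_spam_hits=1):
    """Return {account: [reasons]} for accounts whose outbound mail looks compromised."""
    rcpts = defaultdict(int)   # (account, hour) -> recipients addressed in that hour
    spam = defaultdict(int)    # account -> messages the outbound filter flagged
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, account, n, verdict = rec
        rcpts[(account, ts.replace(minute=0, second=0))] += n
        if verdict == "spam":
            spam[account] += 1
    findings = defaultdict(list)
    for (account, hour), total in sorted(rcpts.items()):
        if total > max_rcpts_per_hour:
            findings[account].append(f"{total} recipients in hour {hour:%H}:00")
    for account, hits in sorted(spam.items()):
        if hits > max_spam_hits:
            findings[account].append(f"{hits} outbound messages flagged as spam")
    return dict(findings)
```

An account that trips either rule is a candidate for a forced password reset and a review of its recent logins.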
In any case, there is no such thing as perfect security, but with a lot of effort and smart choices, you can create an environment that is safe, secure and still allows the business of education to flourish.
As higher education continues to be a sweet target for cybercriminals, colleges and universities should adopt a stronger defensive strategy to ward off phishing attacks.