Oneto impact a college campus hit Ohio State University in 2010, involving the records of more than 700,000 people affiliated with the school. While there has never been evidence that documents were stolen, the event was a wake-up call for and other major universities, said Dave Kieffer, an information technology leader at Ohio State at the time of the breach.
The threat then was novel, but colleges have become more proactive in addressing such risks over the past decade. Cybercriminalsfor a few reasons, said Kieffer, a research vice president with the Tambellini Group, an IT consulting firm. For one, the diversity of campus functions makes building a comprehensive challenging. Institutions also house many , making them a treasure trove for hackers. On campuses conducting research, has also increasingly been targeted.
When the pandemic forced most colleges tospring, it raised the level of cybersecurity risk created by these kinds of vulnerabilities. Although students and staff were distributed globally, cybersecurity systems must be maintained. Aging IT infrastructure, common across campus, complicates the situation by making it harder to store or transmit data securely, said Jesse Beauman, the assistant vice chancellor for enterprise infrastructure at the University of North Carolina at Charlotte.
Pandemic-era security risks
could appear minor. At Mt. Hood in Oregon, faculty and staff primarily use devices the college provides. Still, as most employees began to , they used more personal laptops, tablets, and phones to do their jobs.
This became one of Mt. Hood’s “biggest pain points” during the transition to remote operations, especially when it came to ensuring employees could access thenetwork (VPN) connections, Blake Brown, Mt. Hood’s , and Chris Neal, a cybersecurity specialist at the college, said in an email.
Two of the most significant risks to colleges’ networks are unsecured WiFi connections andmanagement, leading to stolen login credentials.
Requiringconnection, but instituting safer login access was more challenging. The college launched a new multi-factor authentication solution, unique to many Mt. Hood employees. Multi-factor authentication requires people to access a system and provide two or more pieces of information, such as a password and a code received through a text message (SMS). Its novelty meant Brown and Neal also had to do a fair amount of training and communicate about the change before it .
Schools are also vulnerable by using unpatched and unsupported software and operating systems, such asXP or Windows 7. This behavior has attracted a type of cyberattack called ransomware, in which attackers encrypt their target’s files and demand payment to . According to one recent report, ransomware attacks against higher institutions doubled between 2019 and 2020, costing them $447,000 on average. The report explains that it is the No. 1 cyber threat to universities, ahead of and data theft by nation-states.
“Most ransomware attacks start with phishing, which targets users on any device and within any messaging application (email, SMS, and) that allows cybercriminals to send malicious links to unsuspecting users,” said Hank Schless, senior manager for security solutions at cybersecurity firm Lookout, in an email. They are clicking on the link or opening the attachment in a phishing email results in a malware download or stolen login credentials.
Data breaches have also focused on colleges in. The technologies used during the for remote teaching, learning, and managing daily operations have opened up new doors for cybercriminals, making schools even more vulnerable to their attacks, said Kashif Hafeez, senior director at security firm WhiteHat. and working provide more chances to share sensitive information over unsecured networks or share sensitive data with unauthorized people. rules.