In recent years, ransomware attacks on colleges and universities have been increasing due to poor cybersecurity practices, a higher likelihood of ransom payment, and the value of the information involved. The education sector as a whole performs poorly compared to other sectors when it comes to data security, and hackers are quickly taking notice.
A recent Sophos study examining ransomware attacks in education found that almost 64% of higher education organizations were affected by ransomware in 2022. This was a major jump from 44% in 2021, signifying the poor response to cybercrime by colleges and universities across the world.
Why Are Colleges and Universities Being Targeted?
The main reason why colleges and universities are increasingly targeted is that they lack basic security protocols. Many higher education institutions contain multiple divisions, systems, or departments, making it incredibly difficult to maintain security consistency across the board. In addition, historically, the education sector has not prioritized cybersecurity because it requires a significant investment that does not return any direct revenue.
Because colleges and universities often handle extremely sensitive data, the lack of information security practices makes them ideal targets for cybercriminals. Losing or exposing the data could potentially cripple the entire school system, which is why these higher education schools would rather pay the ransom to retrieve the data than possibly lose it forever.
For example, in June 2020, the University of California, San Francisco (UCSF) paid $1.1 million to hackers to regain access to their servers because it was much cheaper than potentially spending over $10 million to retrieve the lost data. Even though the FBI and law enforcement strongly advise against paying ransoms to avoid incentivizing potential hackers, the value of the information was worth more than the ransom demands to the school.
How Do Cyber Attacks Happen?
Over the last few years, the main challenges that higher ed schools face can be narrowed down to the following reasons:
- Millions of remote endpoints - During the COVID-19 pandemic, many schools switched to remote education and online learning, which opened up millions of potential entry points for attackers. In situations where login to a virtual private network (VPN) was required, poorly secured accounts often became targeted through remote desktop protocol (RDP) attacks, which then allowed access to the entire school server.
- Slow transition to cloud-based servers - Using cloud-based servers can help organizations scale their operations while operating at lower costs and allowing better data management. However, transitioning to the cloud can be a costly move, one that smaller colleges or community colleges may not be able to afford.
- Lack of a cybersecurity budget - Colleges and universities nationwide are facing declining enrollment & budget cuts due to rising education costs. Many institutions were forced to prioritize areas such as research and academics over investments in cybersecurity and infrastructure.
- Hiring challenges & labor shortages - Organizations, including colleges and universities across the world, are facing steep hiring challenges for IT roles due to the increasing demand for highly skilled workers. IT departments are often understaffed and unable to moderate the entirety of their respective networks.
How Can Colleges and Universities Prevent Ransomware Attacks?
To reduce the likelihood of further ransomware attacks, colleges and universities must begin building cybersecurity awareness. Waiting until an attack happens puts your organization at risk and at a major disadvantage. In many cases, even paying the ransom does not guarantee the full recovery of data.
Here are the best practices to proactively prevent future ransomware attacks:
1. Prioritize Cybersecurity Spending
Colleges and universities have historically been the slowest to adapt to changing cybersecurity landscapes. They typically prioritize funding for research, academics, and student aid, leaving no room for cybersecurity spending. However, in order to combat the increasing risk of ransomware or malware attacks, these higher education institutions must begin to carve out a budget for cybersecurity.
While Gartner analysts anticipate a massive increase in worldwide cybersecurity spending, security budgets for colleges and universities have largely remained flat, increasing just enough to keep pace with inflation. As hackers double down on their efforts to extort money from schools, universities must maintain an urgency to protect themselves and match the rising cyber threat risk.
2. Improve Communication Between Departments
Many colleges and universities allow every major department to manage its own IT security practices. However, because all departments are often linked to each other and the main university network, this can pose a problem should one department become compromised. Some departments may not invest in information security at all, which opens up an easy entry point for threat actors.
Instead, universities should maintain one central IT security team that oversees all departments and is in charge of cyber protection. A unified, collaborative effort between departments with a standardized cybersecurity policy allows for schools to put a system in place to prevent ransomware attacks from happening.
3. Provide Security Training
Providing basic security education and training should be a requirement for all schools. Even with an IT security team managing best cybersecurity practices, one mistake from a staff member, faculty, or student can put the entire network at risk. Security training can be one of the most effective and budget-friendly options, especially for smaller schools.
For example, a short security course can be implemented as part of the onboarding or new student orientation process. Topics can include:
- Recognizing phishing attempts
- How to properly set up VPNs (virtual private networks)
- Safe web browsing practices
- Setting up protected Wi-Fi networks
- Strong password security
- Keeping OS (operating systems) and applications up-to-date
- Backing up data consistently
4. Purchase Cybersecurity Insurance
Almost all major corporations and organizations should have cybersecurity insurance in the event of a cyber attack. Cybersecurity insurance will become just as important as health or property insurance as the world moves into the digital age. It’s important to note that insurance doesn’t protect against ransomware; it only helps cover some of the cost.
Some benefits that can come with cyber insurance are:
- Cybersecurity consulting and training
- Risk assessments
- Coverage for lost data
- Incident response
- Covered fees for lawsuits
Insurance premiums will depend greatly on each school’s security profile, and it may cost more to insure if your organization has not invested enough in cybersecurity. Having a cyber defense plan and an incident response plan in place can help insurance underwriters with their risk analysis. An early investment into insurance could potentially help save millions of dollars down the line.
5. Secure User Endpoints
Endpoints are one of the easiest and most common ways hackers gain access to private servers and networks. Human error is the #1 attack vector because many users neglect basic security practices. In many cases, users may not even realize that hackers have infiltrated a network through them.
Although cybersecurity teams are responsible for monitoring network traffic, it’s impossible to cover every single endpoint. In the case of colleges and universities, there may be thousands, if not millions, of endpoints to secure.
The best way to cover all the bases is to employ EPP (endpoint protection platform), EDR (endpoint detection & response), or XDR (extended detection & response) solutions. These solutions can help:
- Collect network and traffic data
- Monitor for suspicious activity
- Provide real-time security alerts
- Execute remediation and mitigation processes
- Detect and respond to threats
- Perform forensic data analysis
6. Establish Strong Security Practices
The main focus of the IT security team should be to establish university-wide security policies and maintain a strong security posture. Good protocols can limit the attack surface of a ransomware attack and can even discourage hackers from targeting the school.
Some useful strategies that can be implemented in security protocols can include:
- Network segmentation - With dozens of departments and networks to manage, network segmentation can be a great way to prevent the spread of an attack by dividing the main network into multiple smaller networks.
- Installing anti-malware or antivirus software - Anti-malware and antivirus solutions are one of the easiest ways to provide frontline protection against cyber attacks. Many antivirus companies offer business plans that can secure an entire college or university.
- Zero-Trust Model - By assuming no user or party is safe without authorization, establishing a zero-trust architecture (ZTA) and the principle of least privilege can prevent unauthorized server access. Only users with the correct permissions can access a specified pocket of data.
- Use Multi-Factor Authentication (MFA) - Authentication processes help verify the identity and source of the user. Processes like 2FA or MFA help add an extra layer of security that can filter out unauthorized users.
- Always Back Up Important Data - Another easy implementation of good security practices is to back up important data consistently. Ideally, large organizations should be backing up data at least once a day using the 3-2-1 rule — keeping 3 separate copies of the data on 2 storage types (cloud & physical) and 1 offline copy.
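The 3-2-1 rule and the daily backup cadence from the last item can be checked mechanically against a backup inventory. The script below is an added example, not part of the original article: the inventory format, the finding codes, and the weekly refresh threshold for offline copies are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample inventory: (dataset, storage type, offline?, backup time).
INVENTORY = [
    ("student-records", "cloud",    False, "2024-03-10T02:00"),
    ("student-records", "physical", False, "2024-03-10T02:30"),
    ("student-records", "physical", True,  "2024-03-09T23:00"),
    ("research-data",   "cloud",    False, "2024-03-10T01:00"),
    ("research-data",   "cloud",    False, "2024-03-10T01:05"),
    ("research-data",   "cloud",    False, "2024-03-10T01:10"),
    ("finance-db",      "cloud",    False, "2024-03-07T02:00"),
    ("finance-db",      "physical", True,  "2024-02-20T03:00"),
]

def audit_321(inventory, now, max_age=timedelta(days=1),
              offline_max_age=timedelta(days=7)):
    """Return {dataset: [finding codes]}; an empty list means compliant."""
    grouped = {}
    for dataset, medium, offline, taken in inventory:
        grouped.setdefault(dataset, []).append(
            (medium, offline, datetime.fromisoformat(taken)))
    report = {}
    for dataset, copies in grouped.items():
        findings = []
        if len(copies) < 3:                      # 3 separate copies
            findings.append("copies<3")
        if len({medium for medium, _, _ in copies}) < 2:  # 2 storage types
            findings.append("storage-types<2")
        offline_times = [t for _, offline, t in copies if offline]
        if not offline_times:                    # 1 offline copy
            findings.append("no-offline-copy")
        # Article's guidance: back up at least once a day.
        if now - max(t for _, _, t in copies) > max_age:
            findings.append("newest-copy-stale")
        # Assumption (not from the article): offline copy refreshed weekly.
        if offline_times and now - max(offline_times) > offline_max_age:
            findings.append("offline-copy-stale")
        report[dataset] = findings
    return report

if __name__ == "__main__":
    now = datetime(2024, 3, 10, 12, 0)  # constructed "current" time
    for dataset, findings in audit_321(INVENTORY, now).items():
        print(f"{dataset}: {', '.join(findings) or 'OK'}")
```

Three copies that all sit in the same online cloud account pass a simple copy count but fail the storage-type and offline checks, which is the case that matters when ransomware can reach every online copy.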
7. Be Proactive, Not Reactive
Many security solutions like threat detection or incident response only focus on what to do after an attack has happened. However, this may not be an effective strategy to protect against all future ransomware attacks.
- Run Regular Security Tests & Audits - Regular risk assessment tests can help determine if the current security protocols are sufficient to defend against new forms of ransomware. IT departments should also consider running penetration tests to find vulnerabilities in the system.
- Keep Systems Updated - Outdated systems are at high risk of becoming compromised because old security systems may not be equipped to fight against new versions of ransomware. Since malware technology is constantly evolving, it’s up to the university to keep all systems and applications updated to the latest version.
- Manage Third-Party Risk - Just like endpoints, organizations must properly manage third-party risk. SaaS solutions like UpGuard can help identify any potential vulnerabilities and help your organization manage its entire attack surface. You’ll be able to quickly fill any security gaps to prevent ransomware attacks and data breaches from ever occurring.
Notable Cyber Attacks on Colleges and Universities
- June 2017 - University College London’s NHS computer systems were targeted by ransomware through an email phishing attack.
- June 2020 - University of California, San Francisco paid $1.1 million to recover data.
- August 2020 - The University of Utah paid $457,000 to avoid hackers leaking student data.
- October 2020 - Hackers stole accounts and passwords from the California State University (CSU) system.
- September 2021 - Howard University canceled all classes for two days following a compromised Wi-Fi network that prevented access to the servers.
- April 2022 - North Carolina A&T was targeted by the ALPHV/BlackCat hacker group.
- April 2022 - Austin Peay’s school systems shut down for three days due to phishing emails.
- May 2022 - Lincoln College was forced to close after all systems were attacked, which led to a significant loss in enrollment and funding.