The frequency and severity of cyber attacks has increased dramatically since 2020, and the trend looks to continue in 2024. For the last four years, the education sector has been among the top five industries targeted by criminals. In fact, a recent cybersecurity report noted that ransomware attacks affected 79 percent of higher education providers in 2023, up from 64% in 2022. Unfortunately, higher education institutions will always be a primary target for cybercriminals because of the large amounts of student and staff data they possess and the potential for large payouts.
Universities, community colleges and private educational organizations often have limited cybersecurity budgets and resources to thwart attacks, but it’s critical for leaders to prioritize cybersecurity and protect user data. Luckily, many organizations can make significant progress in enhancing their security posture by enacting low-cost or no-cost measures, such as using a password manager and enforcing Multi-Factor Authentication (MFA) on all accounts.
Organizational leaders and IT team members in the Higher Education sector need to understand that ransomware attacks are on the rise, their organizations are a primary target and basic cybersecurity best practices can dramatically decrease their risk.
Higher Education: A Prime Target for Cybercriminals
Cybercriminals employ many different techniques to compromise sensitive information. Some common types of threats that lead to data breaches include phishing attacks, malware infections, insider threats, credential stuffing and social engineering. Higher education institutions handle a wide range of sensitive information that will be at risk in the event of a security breach. This includes student records, financial records, research data and intellectual property, employee data, health records, credential information, admissions data and more.
From 2018 to mid-September 2023, 561 educational institutions were hit by a ransomware attack. 2023 was a record-breaking year for attacks in the sector with 85 ransomware attacks on schools and colleges/universities in the first half of the year alone. Cybercriminals take advantage of vulnerabilities, and there were several high-profile ransomware attacks in the sector in 2023.
Stanford University’s Department of Public Safety experienced a data breach in October 2023 after the Akira ransomware gang claimed it stole 430 GB of data, including private information and confidential documents.
Bluefield University in Virginia was hit by a cyber attack in April 2023 that affected several university systems, including their emergency response systems. Cybercriminals hijacked the university’s emergency system and sent texts to students and faculty stating that they hacked the university network to exfiltrate 1.2 terabytes of files, including admissions data from thousands of students that they threatened to leak on “a dark web blog.” It took three weeks for the university to restore all critical systems.
Why Higher Education is Being Targeted
Several factors contribute to the growing trend of cybercriminals targeting higher education:
Limited IT Budget and Resources: Many colleges and universities have budget-strapped IT teams and do not have a Privileged Access Management (PAM) solution in place. This makes them less prepared to prevent and mitigate cyber attacks.
Growing Number of Systems: There are a large number of systems and users at colleges and universities, and they’re handling larger volumes of data than ever before. As data flows through multiple locations and devices, the attack surface increases.
Sensitive Student Information: Educational institutions handle a wealth of sensitive information, from personal data to financial records. This valuable data makes them lucrative targets for cybercriminals seeking to exploit personal identities or commit financial fraud.
The Critical Role of Password Security
“The Cost of a Data Breach Report 2023” found that the average cost of a cybersecurity breach at colleges and universities between 2022-2023 was $3.7 million. The financial costs, downtime and reputational damage from cyber attacks can be devastating to colleges and universities that need critical systems to be operating 24/7.
74% of all breaches involve the human element with the majority due to weak or stolen passwords. Cybercriminals take advantage of individuals who reuse passwords, use weak passwords or insecurely store their passwords. If one account is breached, cybercriminals can then launch credential-stuffing attacks to see if they can access multiple accounts with the same password.
It’s especially important for colleges and universities to develop security policies around data access and password management. Users should always create strong passwords and never reuse passwords across any accounts. MFA should also be enforced as an additional security layer to passwords that protects accounts in case login credentials are compromised.
For privileged or sensitive accounts, organizations should use a PAM solution, which gives administrators a bird’s eye view of privileged accounts and who has access to them, including third-party vendors and suppliers. Other technical measures, including regular software updates and patch management can address known vulnerabilities and ensure that systems are equipped with the latest security features. Network security measures, such as firewalls and intrusion detection systems will also help secure the digital perimeter.
Finally, regular cybersecurity training and awareness programs for all staff members is also essential. Educating employees and students about the latest threats, phishing techniques, and best practices in data protection contributes to a more resilient security culture. By combining these best practices, higher education institutions can significantly bolster their cybersecurity posture and create a safer digital environment for their academic community.
Keeper Security Government Cloud: The Solution for Higher Education
Keeper Security Government Cloud (KSGC) password manager and privileged access manager is a FedRAMP Authorized cybersecurity platform that protects colleges and universities against cyber threats by utilizing zero-trust and zero-knowledge security.
A password manager removes the burden of having to remember multiple passwords and eliminates the risk of employees using weak passwords or the same password across multiple accounts, which places all of the organization’s accounts and data at risk. Role-based access controls leverage defined roles and privileges to restrict systems access to authorized users only. And Keeper’s Advanced Reporting and Alerts Module (ARAM) provides advanced event logging to meet compliance requirements.
Privileged access management is critical to managing and securing access to highly sensitive systems and data. Legacy, on-premise PAM solutions are often cost-prohibitive, difficult to deploy and contain unused features. KSGC addresses the key pain points and requirements in organizations to prevent data breaches with just the features you need. It seamlessly deploys and integrates with any tech or identity stack in just a few hours and doesn’t require professional services or a large IT staff to maintain.
To learn more about KSGC and how it can strengthen your organization’s cybersecurity, request a demo today.