The importance of securing your students’ data

• Belgium’s parliament and universities hit by cyber attack – Euronews, May 5, 2021.
• FBI leading probe as cyberattack continues to cripple RPI – Times Union, May 11, 2021 
• Glasgow Caledonian University targeted by hackers in cyber attack – The Herald, May 18, 2021
• UniSA cyber attack hits staff email – Financial Review, May 19, 2021

These are just a few of the headlines that show up on page 1 of Google News when you enter “University cyber attack” in the search bar. Cyberattacks against the educational sector are on the rise, both in the United States and globally. In fact, 2020 was a “record-breaking year,” according to recent findings, with an 18% increase in attacks against K-12 schools. The rate of ransomware attacks against higher-ed institutions has increased by 100% in 2020. 

Not only has the frequency of the attacks skyrocketed, but so did the cost incurred by the institutions as a result.

Source: Verizon

In 2020, a cybersecurity breach had cost, on average, $447,000 to a victim-institution.

Yes, much can be attributed to the chaotic state of affairs caused by the global COVID-19 pandemic. As K-12 and higher educational institutions were forced to switch to digital learning practically overnight, many found themselves scrambling to prepare their IT systems for such a massive transition. Using unsecure digital tools and failing to provide timely training to employees and students on responsible cyber behavior didn’t help either. However, many institutions failed to have even the most basic protections in place. For example, 66% of universities and colleges “lacked all basic email security configurations, which left these institutions exposed to phishing attacks.”

Whether a cyber breach happens due to the negligence of an educational institution to put the necessary protections in place or due to a third-party breach, the fact remains: Student data is a highly valuable asset, and, as such, institutions that hold this data will always be a target of cyberattacks.

Organizations in the educational sector are in possession of an enormous amount of data: students’ and employees’ names, addresses, email accounts, passwords, financial data, social security numbers, patient data, proprietary research, etc. If a ransomware attack is successful, the perpetrators can either get the ransom payment or sell this data on the dark web, where it is a commodity that gets sold and resold over and over again.

When malicious actors are in possession of such confidential, sensitive information, consequences can be long-term. Students’ data can be used to access their banking accounts; their names, addresses, phone numbers, dates of birth, and social security numbers can be used to apply for credit cards, resulting in financial scams. Not to mention the damage to the reputation of the institution. 

However, all of this pales in comparison to the potentially deadly implications of a cyberattack. For example, when Duesseldorf Heinrich Heine University in Germany got hit by ransomware, one of the institutions in its network, the Duesseldorf University Hospital, was unable to admit a patient who required urgent medical assistance. The patient – a woman with a life-threatening condition – had to be re-routed to a hospital 19-miles away, which resulted in her death. 

While cyberattacks tend to target institutions as a whole – gaining access to a large volume of confidential data for financial gains – the proliferation of Ransomware as a Service now gives anyone the ability to purchase a malware kit on the dark web. It is not unimaginable for malicious actors to use this as an opportunity to target individuals and try to gain access to very specific information.

Having said that, there is plenty that organizations in the educational sector can do to mitigate the risk. From regularly training employees and students on how to spot suspicious behavior to setting up multiple layers of cybersecurity, there are robust solutions that can help both minimize the risk of a successful attack and significantly reduce the damage a successful attack would cause. Get in touch with us today to schedule a call with one of our cybersecurity experts to discuss your cybersecurity needs.