Higher education faces unique challenges when it comes to cybersecurity. Data breaches and ransomware attacks continue to plague colleges and universities, though most have taken steps to combat these threats. Even so, a recent report by cybersecurity company SonicWall suggests that bad actors have adapted to enhanced security measures. As a result, higher education cyber attacks have evolved, including increasing malware attacks and increasingly sophisticated phishing attacks.
Malware Attacks on the Rise
According to the SonicWall report, malware attacks targeting higher education institutions increased 26% between 2021 and 2022. Malware volume increased by 157% across the education sector as a whole.
This trend is unsurprising given the ease with which malware attacks can happen. Malware is a type of malicious software (hence “malware”) that attempts to gain access to a system to collect, compromise, or destroy data, devices, and networks. It’s very easy for college students or faculty members to accidentally download malware from websites or social media.
Once it’s downloaded, it may spread to other devices on the network (virus), steal data (spyware), or record a user’s keystrokes (keyloggers) in order to identify sensitive credentials.
Malware can cause significant risk and damage across a university. You’re especially vulnerable if you don’t have the right security tools are not in place.
Ransomware Decreasing, but Higher Ed Still a Target
The report notes that higher education saw a 29% decrease in ransomware in 2022. That said, it’s still a targeted industry, and ransomware is especially nefarious. Institutions are treasure troves of data (including bank account info, Social Security numbers, and student health data) and often don’t have the funds needed to pay ransoms.
As a result, bad actors often end up selling sensitive student and faculty data on the dark web – or using it to open credit cards.
Cryptojacking
Cryptojacking is one of the trickiest types of higher education cyber attacks and is often an overlooked threat. Yet, the education sector experienced a whopping 320x increase of cryptojackings in H1 2023 over all of 2022.
Cryptojacking occurs when cybercriminals covertly use their victims’ computing power to mine for cryptocurrency. Cryptominers are typically rewarded for their efforts by the blockchain’s native coin, but mining for crypto requires a ton of computing power and electricity. This can cause a drain on university resources for schools that are unknowingly victims to this crime.
All it takes is one compromised device; from there, bad actors can spread a cryptomining script to all devices connected to the network.
Phishing Attacks
Phishing attacks are arguably some of the most nefarious higher education cyber attacks. This is, in part, due to the ease with which they can be carried out. With phishing, bad actors attempt to gain access to credentials or personal information by sending emails from a spoofed or hacked email address that appears to be from a legitimate sender. Those emails include links to seemingly legitimate sites that are actually fronts set up by scammers in an attempt to get victims to divulge sensitive personal or financial information.
Fraudsters have become increasingly sophisticated in these social engineering scams, making it very difficult to differentiate between legitimate emails and those created by scammers.
Combating Higher Education Cyber Attacks
Colleges and institutions should employ various levels of security to protect students, staff, faculty, and networks from higher education cyber attacks. Antivirus software, firewalls, spam and phishing filters, enhanced endpoint security, device refresh cycles, and vulnerability scanning are a few of the ways schools can guard against bad actors. Educating and training students and staff to understand what attacks may look like can go a long way as well.
The types of tools and complexity of cybersecurity measures can vary based on your unique needs. They are also dependent on the university size, number of campuses and departments, and budget. If you would like to talk to our seasoned team of payments security experts, contact us today for a free consultation.
