The New Age of Cyber Attacks in Higher Education

Cyber attacks in higher education are still a major problem. Unfortunately, higher education institutions often house a treasure trove of sensitive data and can sometimes fall behind when it comes to implementing the latest cybersecurity protocol. 

As ransomware and other cyberattacks against colleges and universities ramp up, these institutions face hundreds of thousands of dollars in losses – and in some cases, they’ve had to cancel classes until they can regain control over systems and bring operations back online. In worst-case scenarios, these schools face lawsuits over data breaches. 

The Status of Cyber Attacks in Higher Education

In May, the FBI discovered that university and college login credentials were listed for sale both in online criminal marketplaces and public forums. In one instance, Russian cybercriminal forums had advertised the sale of network credentials to several U.S. colleges, featuring screenshots of the stolen credentials. 

Last year, the FBI also uncovered over 30,000 login credentials for .edu accounts available via a public instant messaging platform. The year prior, roughly 2,000 unique usernames and passwords tied to higher education accounts were found for sale on the dark web. 

Ransomware attacks are not slowing, either. A new report from global cybersecurity leader Sophos highlights the concerning trajectory of such attacks on colleges and universities. According to the report, 44% of education respondents in both K-12 and higher education experienced ransomware attacks. That number rose to 64% last year. 

Even more concerning is the fact that almost three-quarters (74%) of ransomware attacks on higher ed institutions succeeded. This success rate trumps the success rate for cybercriminals in other industries, signaling that bad actors look at higher education as a soft target. 

What Institutions Can Do to Avoid Cyber Attacks

The FBI points to specific measures schools can take to guard against attacks. Schools should prioritize software updates and patch installation to eliminate known vulnerabilities. Training programs geared towards employees and students can also educate network users about the risks of phishing, smishing, and other popular attacks. Multifactor authentication can also go a long way in protecting networks against nefarious attacks. 

Network segmentation can also benefit higher education institutions by dividing a computer network into smaller segments. If a ransomware attack does occur, it won’t necessarily be able to down the entire network. 

Cyber insurance is also a popular failsafe that many institutions employ; however, it should not be overly relied upon. While nearly all the surveyed colleges and universities (96%) had secure insurance coverage, qualifying for such coverage requires a baseline level of cybersecurity, and the process to secure coverage can be complicated.

Expert Guidance Can Fortify Security

Unfortunately, cyber attacks in higher education proved to have the slowest recovery times among all sectors in 2021. Many (40%) took over a month to recover, compared to the global average of 20 percent. Additionally, the average remediation cost totaled $1.42 million – an amount higher than the global average across all sectors. 

If you’re unsure of where to begin securing your network and systems against bad actors, Arrow Payments can help. We specialize in payments security and PCI compliance. Our team of experts can consult on the best practices to keep your school secure from cyberattacks both now and in the future. Contact us today.