Remember when you were growing up and you loved those days when you’d have a day off from school because of inclement weather? Those were the days. Now, students sometimes do get days off but for sinister reasons, one of them being ransomware. The education sector is still a lucrative target for threat actors, day in day out.
What’s going on?
BlueVoyant conducted research on 2702 universities across 43 countries and found that almost all of them faced ransomware as their main cyber threat. In addition, the average cost of these attacks amounted to $447,000 in 2020. Apart from ransomware attacks, data breaches were pretty harrowing for the sector too, affecting 200 universities over a span of two years.
Attack surface facts
- The attacks increased as academic institutions shifted to remote learning and teaching, leaving their networks vulnerable to threat actors.
- Credentials of university students are in high demand in underground marketplaces, which motivates hackers to launch these attacks.
- Academic institutions often find themselves targeted due to the lack of cybersecurity training and awareness, scarcity of resources, and low educational budgets.
Some stats your way
- Of all the institutions analyzed, 66% lack a basic email security posture.
- Open RDP ports are still a cause for concern, as more than three-quarters of these colleges and universities have open/unsecured remote desktop ports.
- Inbound botnet targeting has been observed in 86% of the universities.
- Almost every student uses their personal laptops (97%) and smartphones (89%), which usually don’t have security policies enforced.
- After being hit by a massive cyberattack, Staring College had to pay an undisclosed amount as ransom in exchange for the stolen data.
- Two researchers from the University of Kentucky and Michigan State University revealed that more than 100 American college websites have been hacked or compromised by essay mills.
- The DeKalb County School was forced to implement changes to student account passwords after reports of hacking emerged.
The bottom line
There’s not much to say apart from recommending the adoption of proper cybersecurity measures, such as making passwords longer and implementing MFA. We are living in a time of continual change and not all change is appreciated. However, these changes should be accepted and adequately dealt with. With the education sector taking a blow due to the pandemic-forced restrictions, it is time to improve the situation by enforcing necessary cybersecurity practices.