A new report has found that ransomware is the top cyber threat facing higher education amid the shift to distance and hybrid learning.
BlueVoyant, a cybersecurity services company, found in its report released Feb. 23 that ransomware attacks against universities increased by 100 percent between 2019 and 2020. Ransomware attacks are costly for colleges and universities, with the average cost totaling $447,000.
Cybersecurity concerns are nothing new for higher education, but the risk has been greatly enhanced due to the COVID-19 pandemic. Many universities are rapidly deploying a host of new technologies and teaching methods, including distance and hybrid learning, as well as new apps and portals to facilitate the different learning modalities. The report said these changes “exponentially increase their vulnerability to a cybersecurity breach.”
“As the nature of teaching and the student experience changes in response to COVID-19, universities and higher education establishments face new challenges, demands, and risks,” said Jim Penrose, chief operating officer at BlueVoyant. “The attack surface has exponentially increased as organizations in this sector move to remote learning and face unique privacy and cyber risks. This is due to the combination of the sensitive data they manage and the nature of how technology is deployed, combined with growing regulations facing this sector.”
While ransomware is the top threat, it is not the only one facing institutions of higher education. The report found that data breaches were the number two threat facing universities, making up half of all cyber events in 2019. Among the 2,702 universities across 43 countries that were analyzed, 200 universities dealt with data theft by nation-states in the past two years.
Universities also struggle with securing their massive credential lists. BlueVoyant said that these lists are heavily trafficked in dark web markets, “underpinning a huge volume of threats targeting accounts and vulnerable websites.” As with many organizations, universities are struggling with ensuring users are creating strong, unique passwords.
“The good news is that many of these issues can be easily rectified with the introduction of cybersecurity technologies, policies, and user education,” Penrose said. “This includes multi-factor authentication (MFA) and long password policies, combined with the ability to block password reuse and simple passwords, and password screening. By combining long passwords with MFA and screening, the chance of being breached through brute force or credential stuffing attacks is considerably reduced.”