Contact Us

Understanding
cyber security
threats to
schools and
universities

Author: Gary Hilson

Universities are tempting targets for cyber security threats because they hold a wealth of valuable data—everything from student information to proprietary research data. Among the various cyber security threats universities face is ransomware, which not only compromises data but can also have a devastating impact on an institution's day-to-day operations.

The distributed nature of university campuses, compounded by flourishing endpoints in the form of Internet of Things (IoT) devices and remote teaching and learning, has further increased the sheer volume of cyber security threats to schools and universities. A failing grade when it comes to implementing security solutions can damage the institution's reputation and lead to lost revenue.

Universities are brimming with valuable data

Student records likely come to mind when thinking about valuable university data, but a lot of other information at university campuses makes them tempting targets.

Post-secondary institutions also generate a wealth of intellectual property on campus thanks to a wide range of research. In the last year, that research has included information related to COVID-19 vaccines and treatments. Depending on the nature of the research, it may be conducted in collaboration with government and private sector partners, so any breach affects more than just the institution. Sometimes the cyber security threats to universities are from hackers looking to make a quick buck, but they can also be targeted by nation-states whose goals are bigger than simple profit from stolen data.

Universities are a treasure trove of personally identifiable information (PII), including Social Security numbers, addresses, email addresses and student records. They also store financial information about students and faculty, including banking and retirement account numbers. Some scientific research, whether co-founded by the government or the private sector, can be appealing because of its economic value. Institutions that include medical facilities are also home to cutting-edge research and patient information.

Cyber security threats to schools and universities vary in scope and impact

A data breach is just one of several cyber security threats to schools and universities.

Data breaches tend to be popular with threat actors because the PII that can be gleaned has the potential to be lucrative. Hackers can gain access through a third-party partner or vendor and escalate their access to the broader university network to steal data. They can even cause havoc such as distributed denial of service (DDoS) attacks that can cripple school operations.

The value of the information residing in institutions of higher learning makes ransomware one of the bigger cyber security threats to schools and universities. Introduced through a phishing scam or malware, ransomware steals data and disrupts operations because student records, research data or course content becomes inaccessible until the university pays the ransom.

Phishing is a common way of executing a ransomware attack because faculty, students and other support workers are all potential targets. Threat actors trick them into clicking on a fraudulent link with emails that look legitimate to entice them to share access to systems, valuable PII or even money.

University campuses are also full of unsecured personal devices, such as cell phones, that connect to the university network, and it's simply not possible for IT staff to review each one to make sure they're safe and secure. When you factor in the adoption of cloud computing and education delivery models that have students learning on campus and online, warding off cyber security threats to schools and universities is more complex than ever.

Good security is full of teachable moments

Blended learning models require blended security, which means IT staff need visibility across the entire campus network as well as how it connects to remote students and faculty.

But managing cyber security threats to universities is more than just detection and prevention. If a data breach or a ransomware attack does occur, the university must be able to recover quickly and thoroughly. It should then use the attack as a learning opportunity to improve security and better understand what the most probable threats are.

It helps to automate as much as possible. That includes having a cyber security risk scoring system that can automatically evaluate technology vendors when they're onboarded. However, staying up to speed on cyber security threats can be difficult for an institution with budget constraints, especially when there's a shortage of security expertise. That's why universities can find value in collaborating with a managed security services partner to help extend security across campus and in the cloud.

A partner can also help with ongoing risk monitoring to assess an institution's security and deliver insights to the IT team so they can identify security gaps and make more informed decisions. This frees IT up to focus on initiatives that enhance learning, teaching and research, knowing that they can be flexible and responsive with proactive and scalable protection against cyber security threats to schools and universities.

Learn more about how Verizon solutions can help secure higher education institutions.