Cyberattacks continue to rise. In the first quarter alone, we saw a 25% increase in the number of monthly cyber attacks. And attacks on higher education institutions are rising, too. Perhaps most disturbing is the increase in ransomware attacks along with a doubling of the average demand in such attacks. As recently as July 2019, a private college in New York City had its website shut down by hackers demanding $2 million dollars in ransom. Why do hackers target universities and colleges? Three reasons stand out:

1. Financial opportunities. As with most hacking, money is the main motivation. In 2018, 79 percent of the attacks on educational institutions were financially motivated. “Cybercriminals have many opportunities, from stealing money to holding college’s data or websites captive for ransom. While not all institutions have deep pockets, if they can be hacked easily the payoff is worth it”, says Brian McCarthy, CSE with Cherub Availability Services, well-known author, and security guest speaker at RSA, ISSA and others.
2. A wealth of personally identifiable information (PII). Higher education institutions are a goldmine for PII. They have large student populations with fresh credit histories, plus alumni and employee data. Universities and colleges often store a wide variety of valuable information, everything from loans and bank account information to social security numbers and passport information—even healthcare data.
3. Valuable, confidential research. More and more, institutions are the target of nation-state actors and non-state actors seeking secret military or other valuable research data. Just this spring, The Wall Street Journal reported that Chinese hackers targeted twenty-seven universities including the Georgia Tech, UCLA, Massachusetts Institute of Technology and the University of Washington. The hackers were seeking information about maritime research associated with the United States military. Cyber-espionage attacks in educational institutions are 3.5 times greater in 2019.

What makes higher education institutions such good targets?

Here are five reasons why hackers find colleges and universities to be easy targets:

1. Educational institutions still aren’t secure enough. Education ranked the lowest of all industries on cybersecurity in Security Scorecards 2018 report. Colleges, especially public institutions, struggle with budgets. Investments in security come at the cost of other items, and too often are put on the back burner.
   Lax security is an invitation to cybercriminals You might as well put up a sign: Attack Me.
2. Open networks and lots of apps. College networks cover a huge space and provide students and staff access to many different applications and data. Every location is an opportunity. Institutions are focused on making access easy for students and providing all the services that make their institution competitive with others. But that opens doors for hackers.
3. Students make easy targets. Corporations can train their employees and even their contractors. They invest in cyber education. Colleges have a new crop of students every year and with such a large student base, it’s impractical to do extensive cyber education. The young population is often inexperienced and falls prey more easily to common hacking techniques.
4. Many, many devices. College campuses are the king of BYOD. Everybody is connected through their own laptops, desktops, phones, and tablets. Each device is an opportunity.
5. Big campuses that are stranger friendly. When it comes to social engineering tactics, tailgating, or man-in-the-middle attacks, you don’t get a richer environment than a college campus. Strangers enter easily, go undetected, and can plant USBs, intercept traffic, or easily enter labs and research areas.

The low-hanging fruit for cyber security

The increased impact of cybercrime on schools is a textbook case of the need for all organizations to shore up their cybersecurity approach.

The place to start is to have a strategy in place to monitor, detect and respond to threats in real-time. But with limited resources, the learning curve is steep and establishing adequate protection within your organization isn’t always feasible.

A security operations center (SOC)-as-a-service like Arctic Wolf makes it simple to stay protected through the use of machine learning and human expertise.

Because IT teams analyze threats and vulnerabilities around the clock, they can more effectively evaluate and prioritize risks to put their full focus on the cybersecurity efforts that will have the most impact. In addition, SOC-as-a-service helps overtaxed IT teams bolster their cybersecurity expertise by providing 24/7, on-demand access to a dedicated Concierge Security Team of experts.

For further information contact us at: info@CherubAS.com or call (407) 416-7955.

Discover how you can tackle cybersecurity challenges using SOC-as-a-service by downloading our eBook.