We’ve seen an alarming rise in the number of cyberattacks against universities in the last few years, particularly as schools moved entirely or partially online during the COVID-19 pandemic. CSO reports that cyberattacks on education and research targets increased an astonishing 75 percent between 2020 and 2021. These attacks threaten to take critical functions offline, disrupting teaching and research, and put sensitive data at risk. And with many universities coping with already reduced budgets, paying to recover lost data can make a crunch worse.
As schools prepare for the fall semester, now is a good time for institutions to review their cybersecurity defenses and consider bolstering them. Here’s a look at why universities are being targeted, how cyberattacks are impacting universities, and strategies for mitigating the threat.
Why are universities targeted?
Universities possess sensitive data attractive to hackers. Data like student loans and fees move through the Bursar’s office, with sensitive financial data stored on department computers, and other personally identified information for students is typically accessible via the university’s intranet, making universities a lucrative target.
Also consider the disruption a ransomware attack can have on daily campus operations. With many courses taught entirely online, or at least featuring a hybrid component, locking students out of learning platforms can bring courses to a halt. If administrators can’t access the intranet, basic enrollment functions can’t be completed. Because some larger universities also have their own utilities operations, shutting down access to these systems can make buildings unusable. These are situations universities can’t afford to face for long, making them more likely to pay the ransom.
How are universities being impacted?
The challenges mentioned above aren’t hypotheticals. In 2020, at least 26 colleges and universities faced a ransomware attack, according to an analysis by Emsisoft. At least 14 have encountered ransomware attacks already this year.
The schools that have the resources to fight back will. In 2020, the University of California – San Francisco faced a ransomware attack impacting its School of Medicine, encrypting some of its important data. The school ultimately paid more than $1 million to get back online, a steep cost even for one of the nation’s largest higher education systems. Michigan State University faced a similar attack that year, but refused to give in to the ransom, resulting in sensitive data being leaked online.