Be wary of extinction – ransomware can be the cause of a number of issues at institutions, including the demise of the institution itself

Here’s why ransomware is a top threat to institutions



High-profile ransomware attacks are dominating the news. From healthcare organizations to critical infrastructure, no sector is immune to cyberattacks seeking a huge payout with malicious ransomware.

This is especially true in higher education, which is the second most common target for ransomware attacks and security breaches. In 2020, 1,681 schools, colleges, and universities reported security incidents, and in 2021, 58 percent of educational institutions that had been hit by a cyberattack said the bad actors were successful in encrypting their data.

Why are educational institutions so vulnerable? Part of the issue is institutions often have the financial resources to pay high ransoms. They also don’t want to lose vast amounts of research data – or the personal information of their student and employee populations, which could damage their reputation and affect future recruitment. The result is schools are more willing to quickly pay high ransoms just to get back online.

The growth in remote learning has also provided a great opportunity for bad actors. Legacy VPNs and firewalls increase the attack surface with seemingly endless entry points to the network and a constant stream of new code vulnerabilities. Add the ever-widening variety of user personas in higher ed – students, researchers, administrators, etc. – that need varying levels of access, and institutions’ legacy security can’t keep up.

Schools do not remain unscathed by just paying the perpetrators. Ransomware can also result in an extinction event for higher education. Lincoln College, founded in 1865, had weathered numerous crises over the course of its history including a campus fire in 1912, the Great Depression, and the 2008 global financial crisis. When a ransomware attack in December 2021 disabled access to institutional data, fundraising and admissions, it took four months for services to finally be restored. Unfortunately, this was too late, and the college was forced to shutter its doors.

The Danger of Lateral Movement

Higher education networks are especially attractive to attackers because the data center is the center of gravity – “the hub” containing all apps and services, and users connect to the hub/network from “spokes” like virtual private networks. Their underlying security architectures assume east-west traffic behind the security perimeter is trustworthy. Once attackers breach the network firewall, they are free to move around laterally, compromising additional systems without being visible to technology teams.

eSchool Media Contributors
