- The number of unique exploit detections has increased 68 percent in the last five years
- The goal for university IT teams should be increased resilience to these attacks
As we quickly approach the fall semester, we continue to grapple with an onslaught of higher education cybersecurity threats. The recent MOVEit attack highlighted higher education as a target, with educational institutions comprising about a quarter of the victims, according to Reuters. Colleges from coast to coast were impacted, underscoring the ripple effect that a supply chain attack can have.
And the higher education cybersecurity outlook before this attack already wasn’t good. It’s difficult to find a hard and fast estimate of just how many ransomware attacks this sector is dealing with, but if the headlines are any indication, it’s a lot – and those are just the ones we hear about.
Colleges and universities make enticing targets for multiple reasons, including the troves of student data and potential value of research data they hold. Because the education sector is typically resource-challenged, it’s harder to attract and retain top security talent and to maintain an optimally staffed team. Criminals know this, so higher-ed IT and cybersecurity teams must do the best they can to fight phishing and other forms of social engineering, hacking, ransomware and more. Teams also feel the pressure to maintain the institution’s reputation, as a publicized breach can make it harder to attract students – who wants to attend a school where they don’t feel their data is safe?
With this sobering reality in mind, let’s take a look at some of the latest and most pervasive higher education cybersecurity threats we’re seeing. Many of these are not unique to the higher education sector, of course; it’s important to understand the overall threat landscape and how higher ed fits into that picture.
The continued sophistication of ransomware
Attackers continue to improve their tactics and techniques. Even though ransomware has been around for decades, we’ve recently seen attackers use more advanced and complex variants to breach networks, partly due to the growth of Ransomware-as-a-Service (RaaS) operations. Furthermore, ransomware activity at the end of the first half of 2023 was 13 times greater than at the beginning of the year, according to recent research. That indicates ransomware volume and sophistication aren’t slowing down at all.
That same research also found that fewer organizations are finding ransomware on their own networks: 13 percent in the first half of 2023, compared to almost 25 percent five years prior. This is not good news, however: it shows that malicious actors are using very adaptive playbooks to carry out more targeted attacks.
A move to more targeted attacks
Bad actors are diversifying their efforts and taking a much more targeted approach as opposed to a “spray and pray” effort. According to research, the number of unique exploit detections has increased 68 percent in the last five years, indicating that attackers are increasing the number and variety of their exploits. But the data also shows a 75 percent decrease in exploitation attempts per company and a 10 percent decrease in severe exploits. Both of these figures point to an increase in the sophistication and targeted nature of cybercriminals’ efforts.
Over the last five years, the number of malware families and variants has increased by 135 percent and 175 percent, respectively. Additionally, there were more active botnets (a 27 percent increase), and companies were more likely to contract botnet infections (a 126 percent increase). The most worrying aspect of botnets is that they have grown more persistent, “lingering” on networks for longer periods before being found and blocked.
Threat intelligence + action = resilience
Threat actors aren’t going to stop their nefarious and disruptive behavior, especially when organized cybercrime groups make it simpler for them to make fast money. Yet there are many steps IT teams at universities and colleges can take right now to better defend their networks from these threats. The goal should be increased resilience to these attacks.
To tackle the ever-rising volume and complexity of cybersecurity threats, the education sector must share and use threat intelligence like never before. In addition, developing successful cybersecurity measures requires an awareness of attack pathways, from initial access points to post-exploitation actions. Lastly, there has never been a better opportunity to be proactive by updating your team’s procedures and playbooks as well as integrating newer security technologies. It’s essential to create and maintain strategies that protect education networks both now and in the future.
With targeted higher education cybersecurity threats at an all-time high, back to school means back to cybersecurity high-alert. Recent incidents like the MOVEit attack highlight universities’ vulnerability. It’s the nature of the beast that resource constraints hamper robust security measures, making higher education a desirable target. Ransomware is continuing to evolve in complexity and threat actors are shifting towards targeted attacks. This means collaboration and proactive defense are paramount, as are sharing threat intelligence, understanding attack lifecycles, and integrating new security technologies.
By staying informed, higher-ed IT pros can stay ahead of malicious actors and their evolving strategies, safeguarding their institutions, data and reputations effectively. As you brace for the semester or quarter, your expertise and readiness will be pivotal in maintaining a secure digital environment at colleges and universities.