Note: The views expressed by guest bloggers and contributors are those of the authors and do not necessarily represent the views of, and should not be attributed to My TechDecisions.
As expected from authorities anticipating an increase in threats to the education sector, cyberattacks are continuing to wreak havoc on colleges and universities across the United States. As of the beginning of May, there had already been 27 confirmed ransomware attacks against U.S. institutions. These ransomware numbers only tell part of the story as data breaches, malware attacks, and more account for an even greater number of threats, not all of which are reported to the public as they occur.
The second quarter of 2023 has seen a flurry of cyberattacks strike higher education institutions, including West Virginia’s Bluefield University, Tennessee’s Chattanooga State Community College, and Georgia’s Mercer University, among others. Beyond the obvious consequences of ransom payments and leaked personal data, some of the most severe attacks in recent memory have culminated in the delay and cancelation of classes, as well as the closure of one college in Illinois entirely.
With attacks against higher education on the rise year-over-year, campuses have become one of the top targets for attempted data breaches, ransomware attacks, malware, and more. Feeling the effects of various financial and/or technological hurdles, most schools are not currently equipped with the security controls to adequately defend themselves from increasingly sophisticated cyber threats that continue to hamper the community.
This increase in cyberactivity should serve as a wake-up call for higher education institutions to reevaluate and enhance their cybersecurity postures. Here are some of the top considerations for higher education leaders seeking to plug the gaps in their cybersecurity strategy.
One of the recurring themes in attacks against higher education is the vulnerability of sensitive data. From student, staff, and faculty information to sensitive school records, there are countless data assets that, if breached, can be weaponized against institutions.
Data exfiltration, or unauthorized data transfer, is a leading threat to data security in higher education. To help prevent data loss, colleges and universities need to be able to monitor user and entity behavioral analytics (UEBA) and they need to be able to watch their network using a network detection and response (NDR) tool. This allows schools to detect, qualify, and remediate any anomalous activity at the individual level, as well as malicious or unauthorized attempts at exfiltration.
For colleges and universities, student information, research data, and assessment criteria are all critical to daily operations. However, it can be common for institutions to encounter unauthorized access to these types of crucial information due to a lack of IT resources and necessary safeguards. This can result in the loss of confidentiality, integrity, and availability of technological assets, among other things.
To better facilitate and manage user access to sensitive data, schools should implement an effective IT security strategy intentionally designed to protect critical assets. This strategy should include the compartmentalization of data and provide a least privileged approach to accessing that data. Utilizing a least privileged approach, users are only granted access to the data required for their specific roles. This helps to prioritize the protection of intellectual property that is so valuable to higher education institutions. In doing so, schools can better protect the privacy of their students and employees and their reputations.
Even with cybersecurity mechanisms in place, no security threat can be resolved if it falls undetected. Colleges and universities must be able to detect, alert and automate security response capabilities when threats arise. Institutions should consider adopting security orchestration, automation, and response (SOAR) tools to help standardize and scale their incident response.
By relying on SOAR, schools can automate workflows to accelerate various stages of the threat investigation and response processes. Given the severity of a particular threat, it can be escalated to key decision-makers for a manual response or remediated automatically (or semi-automatically) from a playbook of preselected actions. Ultimately, SOAR is intended to help security teams cut through the noise and allow them to prioritize and direct their attention toward the most pressing threats.
Protecting and Prospering
Given the attack patterns of the last two years, cyberattacks in higher education are not going away overnight. Colleges and universities continue to be targeted by malicious actors for a reason. As long as institutions remain underequipped to monitor and respond to cybersecurity threats, they will find themselves with a target on their back.
Regardless of an institution’s budgetary constraints, there are tried and true precautions that can be taken to better protect their campus. Implementing threat detection, stricter access controls, and stronger data security measures are all foundational components of an effective cybersecurity strategy. By solidifying that foundation, colleges and universities can do their part to avoid being next in the line of higher education victims.
Another version of this article originally appeared on our sister-site Campus Safety on August 14, 2023. It has since been updated for My TechDecisions’ audience.
Kevin Kirkwood is Deputy CISO for LogRhythm.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!