Higher Education Faces a Unique Cyber Threat Landscape

Industry Perspectives 2020-11-19

Data security remains a top priority among IT leaders in higher education. Yet according to the 2018 Campus Computing Survey, only 35 percent rate their security programs as "excellent."

Colleges and universities face a unique threat landscape, and institutions will remain targets primarily due to their:

  • Research data: This data is valuable, especially to bad actors with national interests. Earlier this year, reports highlighted how maritime research programs were targeted by a China-based advanced persistent threat actor called APT40. This group sought to exploit defense-related research and targeted dozens of universities. In another example, nearly 400 universities were targeted by Iranian hackers seeking access to intellectual property.
  • Sensitive data: Like all organizations, colleges and universities collect and store personally identifiable information, including Social Security numbers and financial data. Higher education has a high rate of turnover, with a fresh crop of students every year, which continually adds new sensitive records to the dataset. That’s why there are multiple examples of cyber criminals compromising educational institutions.

It’s impossible to prevent threats and cyber attacks all the time; however, there are steps institutions can take to mitigate risk. The first step is to understand the threat landscape.

Higher Education’s Unique Cyber Threat Landscape

Colleges and universities have data assets that are attractive to bad actors. These attackers typically fall into three categories: cyber espionage actors, cyber criminals, and hacktivists.

Cyber espionage campaigns are often run by well-funded organizations and nation states to gain intelligence or economic information. There are several cyber espionage actors that target higher education. These groups often use spear phishing and watering hole attacks to prey on institutions or individuals. For example, the APT40 group used spear phishing emails to deliver malware that enabled attackers to access research data.

Academic institutions also face threats from cybercrime. Criminal attackers are often just as sophisticated as espionage attackers, but cyber criminals are motivated by financial gain. Cybercrime attacks use many of the same methods – including spear phishing and SQL injection – to gain access to institutions' valuable information. For example, a bad actor posing as the college president might send an authentic-looking email with a link that either leads to a malware infection or lures a fellow administrator into relaying the president’s credit card information.

Finally, colleges and universities are subject to hacktivism. Hacktivists sometimes have ideological or political motivations, such as anti-capitalist or anti-establishment views. In other cases, they simply wish to cause disruption. For example, a U.K. study recently proposed that students may be behind some denial-of-service attacks – whether for mischievous fun, to create chaos around exam time, or as retribution for receiving poor grades.

With these varied types of threats, coupled with academia's traditional culture of openness and freely sharing data, it's no wonder that many college and university leaders say their IT security strategies are inadequate. It doesn't have to be that way. To improve cyber security efforts, higher education institutions should develop a cyber resilience strategy.

Learn more about the cyber risks facing higher education and get practical advice from other academic IT leaders by joining the Higher Education Cyber Threat Report webinar, an event produced by the Center for Digital Education and FireEye.