What cyber threats do higher education institutions face?

Higher education institutions are prone to cyber attacks. Elements such as open networks, large volumes of data and freedom of public access expose them to a variety of cyber threats and risks — and there are plenty of examples that can help institutions anticipate and prevent breaches.

Recent research has identified that, every hour, one-third of universities in the UK alone are hit by a cyber attack. Cyber threats and risks are challenges that will only grow as cyberspace continues to evolve. To secure higher education institutions, their decision-makers need to understand the potential threats. Here are just a few examples:

Pennsylvania State University, US, May 2015 

University of Maryland, US, March 2014 

Multiple Japanese universities, July 2015 

University of Delaware, US, July 2013 

King Saud University, Saudi Arabia, January 2012 

Concordia University, Canada, March 2016 

Data breaches

Challenges to protection

Protecting the security of information and IT assets has always been challenging, mainly due to the unique environment and industry in which these organizations operate. Detailed here are some of the challenges that affect the ability of higher education institutions to plan and defend against cyber attacks:

  • Decentralized IT and information security practices, which are the result of various faculties running their own IT and security departments, make it very difficult to enforce streamlined security practices.
  • Freedom of information is woven into both the higher education sector and academic culture. One of the consequences of this is the prevalence of open networks, which may not be properly monitored for unauthorized access, unsafe internet surfing habits and malware infections.
  • Insufficient resources, specifically information security funding challenges, are typical in many higher education organizations and prevent them from implementing the necessary controls to battle rising cyber risks.
  • Campuses are the ultimate “bring-your-own-device” (BYOD) environments, and there is a plethora of unrestrained devices. This results in the campus IT staff having limited ability to control what machines are connected to the campus network and to manage their security controls. The effect is a dramatic increase in the attack surface for the entire institution.
  • Various faculties usually have computing devices used for projects or to store scientific data. In many cases, these devices may be procured by each faculty independently without following formal security architecture guidelines. Unstructured data, generated and processed by these computing machines, is very hard to locate, classify and safeguard.
  • Insufficient physical security results in institutions being unable to determine the original attack vector for security incidents that have a physical element.
  • The lack of threat intelligence collection and sharing between universities and colleges means that these institutions remain unaware of the emerging threats.

The offline legacy of cyber attacks

Cyber attacks against higher education institutions can have an operational, reputational or financial impact, depending on the nature of the attack. 

Identity theft can result in reputational damage, and could subject the institution to regulatory fines and attention, while reputational attacks themselves can have a significant negative impact on competitive advantage.
     
It goes without saying that financially motivated attacks, such as ransomware, can have a significant financial and operational impact on the higher education institution. But cyber attacks of any kind can also result in a loss of confidence in the institution among current staff, faculty, students and prospective students.

For these reasons, higher education institutions should implement proper controls that safeguard the institution’s most valuable information — as well as its reputation.
