Cyberattacks are often thought to be directed only at the business sector, but even universities can fall prey to data breaches, according to one expert.
Last year, the University of Calgary was forced to pay $20,000 after ransomware took its computer systems hostage; the attackers responsible demanded the University pay in untraceable Bitcoins if it wanted to access its files again. There has been no indication that any personal or university-specific data was leaked to the public following the attack, but the ordeal serves as a textbook example of what would happen if a large-scale cyber threat strikes a higher education institution.
Search and compare insurance product listings for University from specialty market providers here
“The retail and healthcare industries are known as the most common targets for hackers since they store and process a treasure trove of sensitive data. Nevertheless, a typical higher education institution stores just as much valuable information,” ERPScan CTO and co-founder Alexander Polyakov told
Forbes.
Polyakov mentioned that a typical campus system will store things such as personally identifiable information (including SSNs), payment information and medical records of applicants, students, alumni and faculty – all sensitive data cyber criminals will want to get their hands on. With the average cost of a university’s data record estimated at $200, hacking a university seems a tempting proposition.
Unfortunately for universities, their usual IT infrastructure leaves them open to exploits and breaches.
“A large number of personal records increases the complexity of dealing with data integrity,” Polyakov pointed out.
He also mentioned that an academic institution’s computer network likely allows students to access documents or internal resources through their mobile devices, which can be easily compromised or abused.
Campus software, too, can be used as security backdoors, Polyakov warned.
Other issues the cybersecurity expert said that universities should address include: poor software patch management, weak username and password strength, unencrypted connections, and mismanaged security event logs.
Universities can try to implement as many countermeasures as possible to mitigate their cyber risks, but insurance will still be necessary to cover for any eventual losses.
Related stories:
Cyber-attacks on cloud services “accelerating”
There's one type of coverage brokers just can’t get enough of