Information security in an educational organization
Speaking about the sphere of education, comprehensible statistics of data breaches that were made public date back to 2002 that is the point for the statistics based on Higher Education cyber attacks in the United States (e.g., fraudulent actions, hacking, using malware or unauthorized access and other types of attacks performed by cybercriminals) and the overview of the history of incidents.
Main Reasons Cyber Criminals Are Targeting Higher Education.
Financial profit.
The most obvious benefit is financial. Ransomware attacks, where an attacker installs malware that encrypts a victim’s files and essentially holds them hostage and then demands payment to restore access to the information, can yield big payoffs. This past year, the University of California – San Francisco revealed that it paid a $1 million ransom after an attack on its School of Medicine, and The University of Utah paid more than $450,000 in ransomware when criminals attacked its servers. Hackers can also directly attack payment systems. In some cases, a hacker can get into and impersonate a school’s accounts payable systems and extract money from students and their parents
Data theft.
Universities have enormous data stores, that house information including the personal information of students, staff, providers and vendors like addresses, telephone numbers and even sensitive data like medical records. Criminals that hack into college systems can then use the information to exploit or extort individuals or even the entire school. The situation becomes even more complicated when hackers get into admissions department systems, which might store the social security numbers and academic information of students the school is trying to recruit.
Espionage.
Many colleges and universities are research institutions and theft of intellectual property, especially in critical areas like medicine or engineering, for instance, can inflict severe damage and yield real results for attackers. Attackers can get information on research findings that they can then sell to competitors or even other countries to influence their economies or policies. Attackers can hold the information hostage and demand a ransom paid for its release. An attack can also simply throw a wrench into the projects by restricting researchers from accessing their data and slowing or halting the progress of studies.
Distributed Denial-of-Service (DDoS) attacks.
DDoS attacks are a sort of cyber shock and awe assault on a school’s systems. The criminals typically flood a specific device or network with an overwhelming amount of traffic, causing it to crash and disrupting services either temporarily or indefinitely. In general, DDoS attacks come from multiple sources and are difficult to contain since schools can’t simply block a single attacker. DDoS attacks are particularly nefarious because they may be carried out to exact revenge against an institution, slow down the institution, costing money and time, or even as a distraction while the attackers perpetrate additional attacks.
