The State of Higher Education Cybersecurity: Top Insights and Trends

Higher education is a major target for cyberattacks. The education and research sectors were the top targets for cyberattackers in 2021, with an average of 1,605 attacks per organization per week, a 75% increase over 2020. While it's true that attacks increased considerably across all sectors, the average increase across corporate networks globally was 50%. So, why is education such an outlier? The effects of the pandemic and the return to in-person learning are a big part of the equation. The Log4j vulnerability also opened colleges and universities to more attacks. Furthermore, educational institutions often don't have the same resources as businesses in other sectors to protect against the rise in cyberattacks. As other industries have become more aware of the dangers of a potential attack, colleges and universities have become an easier target.

Like other organizations, higher education institutions spend millions trying to recover from a cyberattack. However, they also face other serious consequences. Data breaches compromise student data, expose research information, and can even lead to the theft of government data. Distributed Denial of Service (DDoS) attacks and ransomware attacks can force an institution to close down for days. Reputation damage can stretch far and wide affecting enrollment levels for years into the future.

Attacks on critical infrastructure topped cybersecurity headlines in 2021. The most notable ones affected food and oil distribution to several states. Universities and colleges are vital to national security, public health and safety, economic security, and technology. These institutions educate the professionals that keep many modern industries in place. As a result, they could be considered critical infrastructure as well. To protect colleges and universities against the growing threats, it's essential to examine the current state of cybersecurity in higher education and work in the industry to eliminate network vulnerabilities.

The State of Higher Education Cybersecurity

A 75% increase in cyberattacks year over year is a powerful number. Yet, it doesn't show the entire impact of the effects of increasing cyberattacks in higher education. The nature of the academic community is to share knowledge. However, providing access to shared knowledge presents critical vulnerabilities. As a result, nearly three-quarters (74%) of attacks on colleges and universities have been successful. In comparison, 68% of attacks were successful in the business sector, 61% in healthcare, and 57% of attacks succeeded in the financial sector.

Beyond the high rate of successful attacks, colleges and universities face unique circumstances when recovering from an attack. Among all sectors, higher education had the slowest recovery times following an attack, with 40% taking more than a month to recover (twice the global average of 20%).

When faced with an encryption attack, higher education institutions have a lot to lose in a short period of time. Attackers requesting a ransom know that a data breach that exposes student data, sensitive research information, or financial data will most certainly cost the school more than the payment. As a result, urgent ransom requests are particularly effective in the sector. Yet, recovery isn't always a guarantee. Half of targeted higher education institutions that participated in a survey admitted they paid ransoms to restore their data. While 61% got some of the data back, only 2% had all data safely returned. 

Attacks against higher education institutions aren't decreasing. Within a 30-day span in spring 2022, educational organizations were the target of more than 6.1 million malware attacks. Business and professional services were the second most affected sector and saw only 900,000 attacks in the same time span. The risks of increased ransomware attacks on higher education were outlined in a 2021 FBI brief describing PYSA attacks in which cyberattackers use credential theft or phishing tactics to discreetly exfiltrate files from the victim's network before encrypting systems and demanding a ransom. These double extortion attacks generally request a rapid payout and can are more effective against organizations that plan to depend on backup to simply restore files instead of paying a ransom.

The higher education sector faces multiple regulations for protecting information. Educational institutions face regulations regarding personal student data, financial information, academic research, clinical research, government research, etc. Any transgression of the handling of such information can put an entire campus at risk for negative media attention and litigations. Along with this unwanted attention, legal and regulatory noncompliance can result in associated fines, penalties, and sanctions by the federal government. 

Why is Higher Education a Target for Cyber Attacks?

High-profile attacks on financial institutions, Fortune 500 businesses, critical infrastructure, and healthcare facilities make headlines. Although these large institutions present a financially attractive target, they often are more challenging to breach. Higher education institutions operate on a more easily accessible network for the purpose of sharing knowledge. They also have the benefit of harboring many types of sensitive data that criminals can potentially exploit. These are the main factors that make colleges and universities a prime target for cybercrime.

• A wealth of data exists in one network. Student records alone contain personal, medical, and financial information. Data collected by research universities can include information from government agencies, NASA, the National Institutes of Health (NIH), and the military.
• Sprawling networks make an easy target. A combination of long-time internet use and stringent budgets mean colleges and universities often maintain legacy systems with more vulnerabilities. Large campuses utilize multiple devices and IoT tools. Cybersecurity hygiene is often limited at best as students prioritize convenience over safety. Bring your own device (BYOD) policies require easy network access from a variety of vantage points.
• Compliance frameworks can make effective cybersecurity complex. While many regulations focus on data safety, higher education institutions are also subject to regulations surrounding freedom of information.
• Third-party and subcontractor relationships present added vulnerabilities. Like other businesses, higher education institutions communicate with third-party vendors and subcontractors. These relationships can be a double-edged sword presenting additional points of entry or providing an attractive target for attackers.
• Small budgets lead to limited security. Educational institutions are often forced to work on a stringent budget and depend on donor funds. As a result, departments like athletics are often a priority, leaving IT teams with few tools and professionals to adequately protect against modern cyberattacks.
• Disruption can be disastrous. DDoS and ransomware attacks are anonymous, inexpensive, and becoming easier than ever to deploy. An attack that shuts down a network, or even part of the network, can interrupt the entire campus for days. Such an attack halts learning and will bring national media attention.

Top Security Concerns Facing Higher Education

Cyber attacks are increasing in number, sophistication, and cost across all industries. Recent focus on attacks that target government agencies and critical infrastructure has resulted in increased attention to cybersecurity efforts and regulations. While new legislature might not directly affect the education sector, requirements related to healthcare and public health, financial services, the defense industrial base, government facilities, and critical manufacturing can indirectly relate to higher education institutions. Beyond the rapidly increasing threat landscape targeting colleges and universities, these are some of the top concerns facing higher education.

Compliance Requirements

Educational institutions are faced with ever-increasing pressure to adapt new technology to support digital learning. While the technology provides easier access to information, it also presents new vulnerabilities. Higher education institutions must follow these regulations to ensure the privacy, confidentiality, and security of the varied types of data they use and store.

• Family Educational Rights and Privacy Act (FERPA)
• Federal Information Security Modernization Act of 2014 (FISMA 2014)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Higher Education Act
• Student Aid Internet Gateway (SAIG) Enrollment Agreement
• Payment Card Industry Data Security Standard (PCI DSS)
• Cybersecurity Maturity Model Certification (CMMC) Program

Budget Cuts

The pandemic deeply affected the education sector in many ways. Remote learning in higher education proved to be a challenge and a disappointing experience for many students. The on-again-off-again nature of pandemic learning led to lower success rates and higher dropouts. Students were angry about paying for a college experience they weren't receiving. Of the 2.6 million students who started college in fall 2019, 26.1 %, or roughly 679,000, didn't come back the next year.

Students left because of health concerns, family emergencies, financial issues, and the failure of the institution to meet their needs. Even as the effects of COVID ebb, student enrollment in colleges and universities continues to decline. The figures show that 662,000 fewer students enrolled in undergraduate programs in spring 2022 than the previous spring – a drop of 4.7%, which is steeper than the decline in fall 2021. To date, the undergraduate student body has dropped by nearly 1.4 million students, or 9.4% during the pandemic.

As states struggle to recover from the pandemic and face recession predictions for the future, funding for higher education is likely to take another severe hit. Shrinking budgets make it harder than ever for higher education facilities to invest in cybersecurity measures. 

Limited Resources

The nature of higher education networks makes them a challenge to protect against breaches and attacks. College networks cover a huge amount of space and allow users to connect through a variety of remote devices. Institutions are focused on making access easy for students and campuses are notoriously stranger friendly. Protecting such a vast network requires an extensive cybersecurity solution. Yet, colleges and universities often work on tight budgets with limited control over which departments are funded. The combination of these issues makes higher education institutions low-hanging fruit for hackers.

Legacy Systems

As  early adopters of the internet, higher education institutions have maintain equipment that has been a part of their infrastructure for ages. Legacy systems are difficult to update and a challenge to protect against modern cyberattacks. While updated systems would help provide a more secure network, shrinking budgets mean funding can either go to updating systems or cybersecurity measures. As a result, cybersecurity is often designed directly around compliance and fails to adapt to new threats. 

Increase of Endpoints and Vulnerable Platforms

Cyberattacks hit schools and colleges harder than any other industry during the pandemic. The average ransomware attack cost educational institutions $2.73 million ($300,000 more than the next highest sector). As sudden restrictions were imposed across all states, educational institutions scrambled to adopt immediate avenues to remote learning. Students and staff used personal devices, loaned devices, and purchased inexpensive devices to connect to university networks. In many cases, such devices are outdated or not properly patched against known vulnerabilities. 

The race to provide students with access to learning opportunities also forced schools to use online platforms to conduct online classes. These platforms were targeted as new entry points into academic networks. Fear and uncertainty during the pandemic and a changing network also provided hackers with more baiting opportunities to target users in a less secure environment. Even as students and staff returned to in-person learning, the use of personal devices remained high. Ongoing efforts to provide effective cybersecurity will need to take this growth of endpoints into consideration.

BitLyft Takes Action to Protect Higher Education from Cyber Attacks

BitLyft is a managed detection and response company based in Michigan and the creators of the BitLyft AIR® platform, which combines managed services with software for automated and proactive security. We focus heavily on providing effective cybersecurity solutions for higher education institutions. More than half of our clients are in higher ed, and that number continues to grow. Our platform uses SIEM, 24/7 remote SOC, SOAR, and CTI to protect higher education institutions from cyberattacks.  

The sheer volume of attacks targeting colleges and universities combined with the fact that these modern attacks utilize phishing and other methods to manipulate users makes it impossible for human interference to manage the problem alone. That's why AI is the engine that drives our proactive protection platform. 

Threat actors are already using AI. Yet, security is often reactive in higher education. Instead of seeking out potential threats, IT teams respond to a threat when an attack occurs. Proactive protection is essential in today's threat landscape. To be proactive, you need to be able to see threats outside your environment and have contextual information to understand the nature of the threat trends and immunize your network against them.

While some companies advertise the use of AI, the technology is often not used to its fullest potential. At BitLyft, we utilize central threat intelligence (CTI) to automatically immunize networks in different environments against threats before attackers access multiple networks. Our CTI environment is a warehouse of threat information that provides contextualized information about existing threats. The platform is integrated into the firewall of our clients and is updated with new information as frequently as the client's firewall allows (typically every few minutes). When a threat occurs, the IP address is added to the CTI network which immediately flags the threat and automatically updates all firewalls within the BitLyft network to protect against it.

Case Study: BitLyft AI and CTI Mitigate Phishing Attacks

A private university in the midwest with a combination of campus and online students sought help from BitLyft when the workload of managing network security became too much for a security team of one (a good one, but still one). The school was on a tight budget with minimal funds for security and instructions to do more with less. BitLyft provided the answer with AI and CTI that leverages efficiency to save money. 

An attack occurred at an inopportune time, but BitLyft was able to step in immediately, notify the university, and minimize the threat. The incident was a phishing attack that generated a customized alert.  The phishing attack itself wasn't entirely a surprise since students and faculty had already been targeted with widespread phishing attacks. The source was the surprise. The attack was sent from another university with compromised email accounts, a clear sign that the attack was highly targeted to the higher ed space. Upon receiving the alert, BitLyft analysts stepped in to mitigate the threat immediately. 

The validated alert was automatically added to the CTI database. As a result, the firewall updated immediately. Instead of generating alerts, the source IP was blocked by the firewall, and the phishing emails were stopped from reaching their targets. Since CTI facilitates the same updates across all the environments of BitLyft clients, other institutions that had not yet been targeted were automatically protected from the threat in the process. 

Case Study: BitLyft Works as an Extension to IT Team for Improved Security 

A public university in Wisconsin with a decent-sized IT staff of nearly 20 employees lacked the necessary focus and training in cybersecurity to effectively protect the university. Students and staff were receiving phishing emails and spam through their Office 365 email. Recipients were clicking on malicious links and losing significant sums of money from the scams. The school chose BitLyft as a partner to provide a custom solution.

Installation of the SIEM allowed the college to capture every network log which illuminated what was happening on their network at any given time. Next, BitLyft helped set up real-time alarm notifications to notify the university of potential threats. The bulk of the attacks became recognizable almost immediately and the phishing attacks were reduced quickly.

BitLyft's SOC team continues to work in tandem with the college to monitor, address, report, and collaborate about upcoming projects and impending issues. Weekly meetings are held to discuss challenges, investigate notifications, and remediate threats. The partnership between BitLyft and the school has significantly reduced the number of phishing and spam emails that users are exposed to. BitLyft professionals act as an extension of a team of highly capable IT professionals to provide the specialized cybersecurity knowledge required to mitigate modern cyberattacks targeting colleges and universities.

Case Study: BitLyft Increases Visibility to Recognize Phishing Attempts

When a well-known university in Illinois started to get hit with a number of phishing attempts, staff began working extra hours to remedy the situation. The attacks increased exponentially until the university began to look to an outside source for help. After comparing the cost of on-prem SIEM to cloud-based SOC as a Service, the university chose to partner with BitLyft. Once BitLyft installed its robust cybersecurity platform powered by LogRhythm, the university immediately began to see benefits from the enhanced visibility into its network. Instead of spending hours tackling a single issue at a time, the team could recognize patterns and address the problem as a single issue.

The increased visibility showed the team things they weren't seeing that they should have tried to mitigate. In addition to exposing logins from unfamiliar locations, data from BitLyft helped the university implement a process to reduce reaction time before a breach even began. Automated response has closed time down to zero on most cases, effectively neutralizing threats before they affect the network. Routine reports and weekly meeting have also provided a major benefit in maintaining a healthy cybersecurity posture and forming a real partnership with the BitLyft team. The internal team is confident they have a professional partner that is available and responsive at all times for any type of attack.

Finding the Right Cybersecurity Solution for Higher Education

Networks in higher education require a complex mix of easy accessibility and highly effective security measures. These institutions are typically restricted to limited budgets that require a cost effective cybersecurity solution with a high ROI. Addressing the growing number of attacks targeted at colleges and universities is essential to maintain an environment of accessible learning for the scientists, medical professionals, technology experts, economic professionals, and national security experts of tomorrow.

Cyberattackers target higher education institutions because they are an easy target. Yet, they don't have to be. The sprawling networks of colleges and universities and the compliance regulations they must follow are complex and exhaustive. At BitLyft, we have extensive experience in the higher education industry. Contact us to learn more about protecting your higher education network against the growing number of cyberattacks targeting the industry.