As seen on eCampus News

Ransomware vs. resources: A higher education dilemma

Several key strategies can help higher education strengthen its digital defenses, combat ransomware, and set the groundwork for a safe and resilient future
By Andrew Hollister, CISO & VP Labs R&D, LogRhythm
September 15th, 2023

Several key strategies can help higher education strengthen its digital defenses, combat ransomware, and set the groundwork for a safe and resilient future

Key points:

August’s data breach warning from the Colorado Department of Higher Education following a ransomware attack is just the latest in a long string of attacks on higher education. In June, Kaiserslautern University of Applied Sciences in Germany confirmed that it was hit by a ransomware attack forcing its entire IT infrastructure offline just a week after three other European universities disclosed cyberattacks. 

According to a recent report, system intrusion, miscellaneous errors and social engineering represent 76 percent of breaches in education, and just under half (47.8 percent) of all ransomware incidents in education this year have resulted in data disclosure. Recent incidents in the education sector highlight the increasing complexity of cybersecurity challenges and underscore the need for robust cybersecurity strategies to keep schools protected.

However, these incidents also beg the questions of why higher education institutions are such a hot target for cybercriminals and why these institutions are not learning from previous incidents and doing more to protect themselves.

The dangers of ransomware in higher education

Implications arising from ransomware in higher education are significant and multi-faceted. Attacks can take school-wide systems offline, disrupting learning opportunities and administrative processes. Privacy and data security concerns also emerge, as education systems often house sensitive student and staff data that can be compromised. Additionally, publicized cyber incidents can harm a school’s reputation among academic peers and potential students. Lack of proactive cybersecurity measures and failure to note previous mistakes can create unfavorable opinions that can impact student recruitment, retention, and reputation.

The pattern of attacks in higher education is not just coincidental. The high volume of personal information and research data stored by higher education institutions, coupled with the lack of tradeoff between resources and cybersecurity posture, makes the target on higher education a persistent issue. In comparison to other industries like finance or healthcare, higher education typically has less resources to allocate towards cybersecurity initiatives. Because of this resource limitation, there is typically a lesser investment in cybersecurity technologies, personnel, and training. Cybercriminals are aware of this vulnerability and use it to their advantage.

However, more funding for cybersecurity in higher education can mean taking money away from critical areas like academic programs, infrastructure, or student service. Navigating this trade-off can be difficult.

Navigating resource constraints

In the realm of higher education, where the pursuit of knowledge takes center stage, navigating the intricate landscape of cybersecurity demands a strategic approach that addresses both challenges and opportunities. This journey encompasses several pivotal waypoints:

  1. Risk assessment and prioritization: To determine the most important assets, systems, and data that need to be protected, higher education institutions should do a thorough risk assessment to prioritize cybersecurity initiatives and ensure that resources be allocated where they are most required.
  2. Budget allocation: Budget constraints are an unpleasant reality, but it is still important to set aside money for cybersecurity initiatives. This could involve redistributing funds from less crucial areas or looking for additional funding through partnerships, grants, or fundraisers.
  3. Student and staff training and awareness: Higher education institutions should prioritize cybersecurity education and training programs for staff, faculty, and students, as people who are well-informed are more likely to adhere to best practice.

Following these best practices can be beneficial in several ways, including improved resource utilization, enhanced cybersecurity posture within resource allocation, and mitigated human factor risks. Risk assessment prioritizes protection of vital assets, optimizing resource use by targeting vulnerabilities. Budget-conscious funding for cybersecurity strengthens defenses and lowers the likelihood of successful attacks. By raising awareness and encouraging secure practices, educating faculty and students reduces the chances of human error.

In a landscape where knowledge is paramount and resources are constrained, the ongoing threat of ransomware attacking higher education institutions necessitates a deliberate response. A thorough approach to risk assessment, budget allocation, and cybersecurity education becomes essential as these institutions balance the delicate task of protecting sensitive data while maximizing available resources.

Higher education can strengthen its digital defenses by adopting these strategies, as well as set the groundwork for a safe and resilient future where academic endeavors flourish despite changing cyber landscapes.

About the Author:

Andrew Hollister is CISO & VP Labs R&D at LogRhythm.

eSchool Media Clients and Partners

eSchool Media uses cookies to improve your experience. Visit our Privacy Policy for more information.