Related Articles

 

Life Safety, Security, & Operational Conflicts - Our world is full of threats. Unfortunately, some of those...

 

A.L.I.C.E at Point Park University: Alert Lockdown, Inform, Counter, & Evacuate - A man calmly walks into the Academic Hall and enters the...

 

Upgrading Your Campus to Higher Security Credentials - Keeping a university safe and secure is one of the most...

 

PCI Compliance & Questions of Security - Colleges and Universities strive for PCI compliance, but...

 

Protecting Student Belongings as Part of Campus Security Plan - Student security lives at or near the top of every...

 

Video Insight Establishes $250,000 School Security Grant - A Pilot Program has been developed to help underfunded ...

 

LED Lighting A Green Way To Improve Campus Safety - As college tuition continues to rise, so do the costs of...

 

7 Tips For Getting The Most Out of Your Analog Cameras With Video Encoders - Video encoders turn analog cameras into IP video - creating...

 

Private Universities are Getting Smart About Student ID Technology - Whether a card or mobile phone, credentials are becoming...

 

Security and Solar Window Films: Campus Safety and Other Benefits - As universities beef up security on their campuses because...

 

Choosing the Right Access Control Technology for Student Housing - One of the most important aspects of on-campus housing is...

 

Situational Awareness: The Key to Smarter Campus Risk Management - My daughter Elizabeth starts college in a few weeks, so...

 

The Safety and Sustainability Factors of Filtered Fume Hoods, Ductless Fumed Hoods, and Ducted Fume Hoods - Fume hoods are a central component in most laboratories....

 

Teaching and Technology: Regaining Key Control - A key part of providing a high-quality educational...

 

Enhancing Campus Wide Radio Communications - The traditional school year comes to a close, but...

 

Advanced IP Radio Systems for Campus Security - When it comes to campus security, radio systems play an...

 

Video Surveillance Management and Centralization: How Campuses Achieve Cost Savings While Keeping Students and Property Safe - The industry-wide migration to IP video surveillance over...

 

Communications for Campus Security - As another school year approaches, security departments are...

 

Campus Safety Budgeting: Improving Efficiency and Measuring ROI - When budgets are tight, accountability is crucial. As...

 

Automating Attendance, Visitor and Asset Tracking in University Environments: Taking Attendance Like Never Before - Universities are constantly advancing technology and...

 

The Technology of Lightning Warning Systems - Lightning warning technology has evolved over the last 23...

 

Come Together, Right Now: Advanced Lighting for a Forward-Thinking Campus - Paul McCartney and John Lennon had other thoughts in mind...

 

Archives > April 2016 > Colleges and Universities as Prime Cyberattack Targets: Behind the Threat

Colleges and Universities as Prime Cyberattack Targets: Behind the Threat

When it comes to cyberattack targets, many think of retailers and associated credit card transactions or customer information, or perhaps healthcare providers with their ever-increasing storage and transmission of electronic information related to patients. But colleges and universities are increasingly under siege from hackers.

By: Eric Packel

In fact, the education sector, according to recent reports, comes in third place, right after the healthcare and retail sectors, in the number of security breaches. Many universities conduct sophisticated research, whether in engineering, the sciences, or other disciplines. Schools can be a proving ground for new or emerging technologies and innovation. These sophisticated research programs often partner with U.S. government agencies or industry.

Accordingly, schools can serve as a beachhead for other nations and foreign companies seeking to gain competitive advantages, whether economic, political, technological, or militarily. By hacking into university systems, not only can the attackers gain access to sensitive data held by the schools, but those systems can also be used as a jumping point into government computers or corporate networks.

Recent statistics reveal that from 2006 through 2013, over 500 universities reported a data breach (and many more attacks may have been unreported). The trend continues in 2015-2016, when already hackers have targeted large universities in Pennsylvania, Virginia, and Connecticut. In the Pennsylvania incident, over 18,000 students and faculty were affected. So what is behind the targeting of educational institutions?

Hackers Misusing Open Environment of College Campuses

According to an FBI white paper titled "Higher Education and National Security," the systems and open environment of U.S. college campuses may be misused in order to:

. Steal technical information or products
. Bypass expensive research and development
. Recruit individuals for espionage
. Exploit the student visa program for improper purposes
. Conduct computer intrusions
. Collect sensitive research

So hackers, typically working for foreign companies or governments, can help save vast sums of money and development time, by stealing critical research information. A foreign company can then use the stolen data to produce products, but at a much lower cost when competing with the U.S. product, since it did not have the same R&D costs.

This is not only potentially harmful for U.S. businesses, but it also impacts the bottom-line of universities since it may reduce revenue received through patents and technology transfers, and also may result in reduced grants for research and other sources of funding, not to mention potential damage to the university's reputation. In other words, by letting hackers in to steal technical research information, funding organizations may equate that to their own money being thrown out the window.

Internal and External Threats

These threats can be internal as well as external. According to the FBI, foreign businesses may also send their own employees as students in order to obtain information valuable to their company. These individuals appear to be typical students, and do not disclose that they are actually employed with a foreign company.

The FBI's white paper reports that attackers use various methodologies to conduct computer intrusion, including sending phishing emails with malware attached and exploiting social networking sites. Computer hackers, including foreign governments, are capable of breaching firewalls and exploiting vulnerabilities in software used by universities. According to the FBI, U.S. universities receive large numbers of unsolicited requests for information and millions of hits on their Web servers on a daily basis.

To combat these trends, colleges and universities should look to strengthen the security of their networks and deploy sophisticated monitoring and auditing tools. Schools should also be prepared to respond to the inevitable data breach by identifying where sensitive information is stored, prioritizing resources to protect that information, documenting an incident response plan, and rehearsing response strategy and scenarios with their incident response team.

Hackers Moving Freely

And it is not just research or industrial secrets that are of concern. Once attackers are inside the schoocyberattack university l's network, they may be able to move freely within it, accessing other systems that contain student, faculty, and staff information such as Social Security numbers, credit card information, and even academic records. Of course, access to this information can run afoul of federal regulations, such as the Family Educational Rights and Privacy Act (FERPA) as well as numerous state data breach notification laws.

Although schools may be difficult targets to defend due to the open nature of campuses and less strict control over hardware and software that students and faculty use, in the wake of a data breach regulators will still look to see that schools had in place appropriate technological and administrative safeguards to protect sensitive information.

In order to help strengthen their networks and defend against potential intrusions, schools should invest in periodic risk assessments to determine where sensitive information is maintained and what vulnerabilities may exist. At a minimum, administrators should set policies that control and limit access to computer networks and ensure that appropriate safeguards are in place for information both at rest (stored on systems) and while in transit. Administrators can mandate that sensitive information, such as critical research information, as well as personal information relating to students and employees, is encrypted.

Finally, when the inevitable data breach does occur, colleges and universities should be prepared to respond efficiently and quickly with an incident response plan that is already in place and that has been tested via practice scenarios. The incident response plan should identify key participants, including legal, compliance, IT and other relevant stakeholders from the organization and provide key information and resources the team can use to contain, mitigate and respond to a cyber attack.

 

 

About The Author
Eric Packel

is a partner with BakerHostetler in Philadelphia. He focuses his practice on privacy, data security, and technology issues. Eric has significant experience counseling corporations, healthcare providers and other entities on compliance with data breach notification laws, as well as assisting with data incidents.

 

 

 

 

 

PUPN Magazine is a trademark of Flaherty Media, LLC, copyright 2017. PUPN Magazine and all contents are properties of Flaherty Media, LLC.