Cybersecurity threats are a major problem for the education industry, including higher-ed institutions. In 2021, the industry suffered a 75% increase in cyberattacks. While this increase is at least partially attributable to the COVID-driven shift to online learning, this it not a new or temporary problem for the industry. Education has been one of the most common cyberattack targets for years, and a 2022 report by Check Point Research confirms that this is still the case.
So why are academic institutions such popular cyberattack targets? Read on for a description of three key factors that contribute to this unwanted popularity.
Institution Sizes
The size of higher-ed institutions is one reason why they make such tempting cyberattack targets. Even modest colleges commonly enroll/employ over a thousand students, staff, and faculty. At large universities, that figure is often in the high tens of thousands.
This appeals to cybercriminals for two reasons. First: every person employed or enrolled at an organization is a potential phishing target. In that sense, larger organizations are vulnerable to such attacks.
Second: there’s more profit in targeting large organizations. Universities handle vast amounts of private data – of their students, faculty, staff, even alumni. This quantity of data is worth a fortune to hackers and can put a lot of pressure on institutions to pay up in the event of a ransomware attack.
Outdated Technology
The size of higher-ed institutions alone doesn’t explain why they’re such popular cyberattack targets even compared to other large organizations. Another reason cybercriminals tend to target schools is that schools tend to lag behind when it comes to threat preparedness.
Colleges and universities are very traditional organizations. Additionally, as we’ll discuss in more detail later, they tend to operate under tight budget constraints. As a result, they are often slow to update systems and implement new best practices. The industry as a whole was late to embrace the digital age, and many institutions still rely on older tech and unsecure systems.
A study by SecurityScorecard ranked the education industry dead last out of all major industries in terms of cybersecurity. That being the case, it’s not surprising that colleges and universities are often targeted by opportunistic cybercriminals.
Limited Resources
The main reason why academic institutions are popular cyberattack targets is that they are vulnerable cyberattack targets. And perhaps the biggest single reason for this vulnerability boils down to a lack of resources.
This is true in terms of both budgets and personnel. Funding has been a top academic IT concern for years. And academic IT teams, even at large universities, are often quite small. It’s not easy for a handful of people with a shoestring budget to protect tens of thousands of students, staff, and faculty from cyber threats.
Budget constraints can make it daunting for schools to invest in security training, additional IT staff, or more secure systems. However, avoiding these investments can wind up costing institutions much more. A 2022 report by Ponemon Institute and IBM Security® found that data breaches cost organizations an average of $4.35 million USD. That’s quite the bill for any institution operating under a tight budget.
Kivuto Cloud: Secure & Compliant Software Management
Discover how Kivuto Cloud fosters data security and promotes compliance with software licensing conditions..
