Sep 23 2015

Putting 2015’s Higher Education Cyberattacks into Perspective

Six universities have sustained damaging cyberattacks this year. What does that mean for higher education security?

Campuses are beefing up on information security measures, but sometimes hackers are one step ahead.

Higher education institutions conducting advanced research have moved into the crosshairs of hackers trying to gain access to cutting-edge ideas, reports NBC news.

Universities such Pennsylvania State University (PSU), Washington State University, Harvard University, Johns Hopkins University, the University of Virginia (UVA) and the University of Connecticut are among those that have sustained damaging cyberattacks this year.

The nature of the attacks at these institutions varied. At Pennsylvania State University and the University of Virginia, Chinese hackers were blamed.

PSU sustained two cyberattacks between May and June, affecting the university’s College of Engineering and College of Liberal Arts, respectively. The engineering attack resulted in the college’s network being disabled for three days.

“Moving forward, we all will need to take additional steps to protect ourselves, our identities and our information from a new global wave of cybercrime and cyberespionage," said Penn State President Eric J. Barron, in a May 15 posting.

UVA responded to its breach with a comprehensive security overhaul, according to an August news release. University officials assured students that no personally identifiable information had been stolen.

Other universities weren’t so lucky: At the University of Connecticut, Social Security numbers and credit card data were stolen.

“The unfortunate reality is that these types of attacks are becoming more and more common, which requires us to be even more vigilant in protecting our University community," said Michael Mundrane, CIO and vice provost at the University of Connecticut.

The vast majority of data breaches occur in the healthcare sector, according to Symantec's 2015 Internet Security Threat Report. Education was third among 10 of the most-breached sectors, accounting for 10 percent of the total number of reported incidents by the group.

Of the breaches involving personal information, the education sector ranked ninth, with 1.35 million identities exposed. Those figures are dwarfed by retail breaches, which resulted in the exposure of 205 million identities in 2014.

Most of the breaches that occur in higher education institutions aren't accidents, according to a 2014 survey from EDUCAUSE's Higher Education Security Council. Hacking accounts for most data breaches (36 percent), followed closely by "unintended disclosure" (30 percent).

The EDUCAUSE survey downplayed the impact of most of these breaches, saying education has "some of the lowest counts of records exposed per breach incidents." The survey also suggested that higher education institutions are singled out for having a large number of breaches, but that may be a reflection of the culture of transparency fostered by education. A publicly held company has much less incentive to disclose a breach.

"This culture does not exist in other industry sectors, where breach reporting could damage an organization’s ability to be competitive in that industry," according to the report.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT