by Michael Sink, for Dark Reading
COMMENTARY
As city-like microcosms, colleges and universities have become prime targets of cyberattacks. Their classrooms, student housing, athletics facilities and venues, retail locations, and, in some cases, public safety and clinical locations are all connected to the same network, creating a large and complex landscape for potential attacks.
The many points of engagement in higher education institutions result in the collection and storage of large volumes of sensitive information that often are housed in disparate systems, creating many vectors of attack. Threat actors also know some higher education institutions collect more personally identifiable information (PII), like Social Security numbers, than what's necessary, increasing the potential sale value of the data.
Attacks on these institutions also impact a higher variety of stakeholders compared to many other organizations. Students, parents, faculty, staff, alumni, donors, sports fans, and patients are all potential victims with unique data that can be stolen.
To better defend against cyber adversaries, higher education security leaders must gain visibility to all the information assets across the distributed areas to address the threats facing their institutions. From there, they can begin to make actionable, informed steps toward fortifying their security landscapes.
Top Threats to Higher Education Institutions
While higher education institutions are subject to a variety of types of cyberattacks, there are several kinds of incidents that are more commonly experienced: ransomware, insider risks, and phishing and spear phishing.
