Higher Education as Hacking Targets
Sunday Oludare Ogunlana, Ph.D., AIGP, CISSP, CCISO, CIPP/US, CEI.
Cyber Security Leader and AI Strategist| National Security Cyber Strategist|Professor of Strategic Security|Security Risk Advisor|Cybercrime Researcher|Expert Witness|Public Policy Advisor
In February of this year, Berlin University experienced a cyber intrusion that compromised its email system. Subsequently, a group identified as Anonymous Sudan executed a Denial of Service (DoS) attack against the Universities of Cambridge and Manchester, citing the UK's support for Israel as their motivation. This group, known for its disruptive activities, including widespread outages on the platform formerly known as Twitter, has gained notoriety. In a related incident, Stanford University reported a probable ransomware attack orchestrated by the Akira Ransomware Group, targeting its Department of Public Safety. This group, monitored by CrowdStrike since March 2023, engages in double extortion tactics and operates a ransomware-as-a-service (RaaS) model, predominantly targeting entities in the United States and Canada. Also, a 2021 report by Forbes News revealed that cybercriminals infiltrated the biochemical systems at Oxford University's laboratory engaged in COVID-19 research, with financial gain identified as the primary motive behind the attack.
In this digital era, universities are prime targets due to their role as centers of research, innovation, and repositories of valuable intellectual property and sensitive personal data. Existing research often focuses on the technical facets of cybersecurity in enterprise environments. However, the unique characteristics of higher education institutions demand a specialized examination.
A report by Information Security Magazine in 2023 indicated that nearly 900 US schools were compromised via the MOVEit transfer system, underscoring the vulnerability of higher education institutions. These institutions are characterized by open, decentralized information technology environments, rendering them susceptible to cyberattacks. Key vulnerabilities include outdated infrastructure, where universities continue to rely on legacy systems that are not regularly updated, exposing them to novel cyber threats. The diverse user base of students, faculty, and staff, each with varying levels of cybersecurity awareness and access rights, presents a significant challenge in maintaining a secure environment. Furthermore, the need for unified cybersecurity policies across different departments exacerbates the vulnerability to cyber threats.
领英推荐
In conclusion, the increasing frequency and complexity of cyberattacks on higher education institutions necessitate reevaluating current cybersecurity strategies. It is imperative to develop and implement comprehensive, robust cybersecurity measures that address the unique challenges faced by these institutions. The approach will entail upgrading outdated infrastructure, enhancing cybersecurity awareness among the diverse user base, and establishing cohesive, enforceable cybersecurity policies across all departments. By adopting such measures, higher education institutions can better protect their invaluable assets against the ever-evolving landscape of cyber threats. Ervin F. Belinda Ogunlana, CISA, PMP. Damien Smith
Sunday Oludare Ogunlana, Ph.D.
Artificial Intelligence | Cyber Defense
6 个月Great read here! You might be interested Steven Okidi CASP, CySA, CISM, PMP
Senior Manager at Accenture Federal Services
8 个月Thanks for bringing awareness to this subject Sunday. I’m always amazed at what you’ve been able to accomplish and overcome in your life my friend. Thanks for being an example of the possible and sharing important topics.
Software QA Expert | Co-Founder
8 个月Great job on addressing such an important topic!
IAM | Data Protection & Privacy | TPRM | Cyber GRC | Cyber Risk & Regulations | WiCyS 2023 Allyship Award Winner | Membership Chair-Houston ISC2 Chapter
8 个月Good catch here Sunday Oludare Ogunlana, Ph.D., CISSP, CCISO, CIPP/US, CEI. Outdated legacy systems have always been both open front door and back door of intrusions for higher institutions of learning. Managers of higher institutions i think do always believe they are immune to attack and therefore tends not to pay attention to safeguarding data and most critical infrastructures. But like you rightly opined, reported targeted attacks have proved othwerwise. Security belts need to be tightened more, investment in emerging IDS/IPS technology, built of a robust SOC and regular security awareness traning is a solution that will help reduce and mitigate future attacks. Nice piece you have here!
Dedicated Cybersecurity Trainer and Educator
8 个月Tell it like it is my friend, the end user is still the best sensor in the enterprise, but like all systems they need to be tuned (in this case trained).