How cyberattacks can threaten colleges and universities
With the shift to remote learning, schools are facing greater security risks and smaller financial margins, says BlueVoyant.
The coronavirus pandemic and lockdown have affected many individuals and organizations around the world. But one sector that’s been hit hard is higher learning. As education has moved from in-classroom teaching to remote learning, colleges and universities have had to set up technologies that open the door to greater security risks. Further, many schools are facing financial pressures from students who are putting off education or demanding refunds due to at-home classes.
A report published Tuesday by cybersecurity provider BlueVoyant looks at the security threats challenging schools of higher learning and offers suggestions on how to combat them.
From 2019 to 2020, ransomware attacks against universities jumped by 100%, according to BlueVoyant. Attackers also started demanding larger sums of money from colleges as the average cost of a ransomware attack in 2020 was $447,000. An attack against Monroe College in July 2019 seemed to be one of the first “big game” hunts, with the attackers demanding 170 Bitcoin (around $2 million at the time). Since then, ransomware attacks against schools have continued to rise.
Student accounts are a tempting target in data breaches and are among the most highly trafficked types of personal data on the web, BlueVoyant said. This is because students often keep their university accounts beyond graduation and use those accounts to sign into a range of services, including administrative portals, remote video tools, and remote learning tools. More than one-third of all data breaches were related to tools used for remote learning, such as Zoom, Chegg and ProctorU.
The security protection set up by colleges and universities isn’t necessarily on par with the defenses used by corporations and enterprises. That’s been especially true amid the shift to remote learning.
In its analysis, BlueVoyant found that many universities had unsecured ports related to remote desktop and online databases. Open remote desktop protocol (RDP) ports are one of the most common vulnerabilities that lead to cyberattacks, particularly those carried out by ransomware gangs. Among the universities covered in the report, 22% had at least one open RDP port, while 38% had open ports for MySQL, Microsoft or Oracle databases.
A majority of the schools analyzed also have weak email security, leaving them vulnerable to phishing attacks. Many businesses and enterprises use DNS-based email security protocols such as SPF, DKIM and DMARC. But among the universities examined, 66% had no type of email security protocol in place.
To protect colleges and universities against these security threats, BlueVoyant offers the following recommendations:
- Ensure multifactor authentication. MFA should be implemented across all email services and sensitive accounts. This is present in some higher education schools, but not all. The majority of account compromises can be prevented with this type of additional authentication.
- Use a long password policy. Organizations should mandate 15+ character passphrases and block both password reuse and simple passwords (e.g. 12345). By combining long passwords with MFA, the chances of being breached through brute force or credential stuffing attacks are considerably lessened.
- Monitor for authentication anomalies. Schools should monitor for authentication anomalies (e.g. faster-than-light logins) for all email accounts as well as for any network or cloud services.
- Set up password screening. NIST recommends that organizations screen passwords against blacklists containing commonly used and compromised credentials.
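
The "faster-than-light login" check from the recommendations above, as an added example that is not taken from the BlueVoyant report or the original article: it flags consecutive logins on one account whose implied travel speed is implausible. The 900 km/h ceiling, the 100 km geolocation tolerance, the account names and the login events are all constructed assumptions.

```python
import math
from datetime import datetime

# Assumption: 900 km/h (roughly airliner cruising speed) is the fastest plausible travel.
MAX_KMH = 900.0

# Constructed sample events: (account, UTC timestamp, latitude, longitude of source IP)
SAMPLE_LOGINS = [
    ("alice@example.edu", "2021-02-01T08:00:00", 40.71, -74.01),   # New York
    ("alice@example.edu", "2021-02-01T09:30:00", 51.51, -0.13),    # London, 90 min later
    ("bob@example.edu",   "2021-02-01T08:00:00", 42.36, -71.06),   # Boston
    ("bob@example.edu",   "2021-02-01T14:00:00", 40.71, -74.01),   # New York, 6 h later
    ("carol@example.edu", "2021-02-01T10:00:00", 34.05, -118.24),  # Los Angeles
    ("carol@example.edu", "2021-02-01T10:00:00", 35.68, 139.69),   # Tokyo, same second
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0  # mean Earth radius
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def find_impossible_travel(logins, max_kmh=MAX_KMH, min_km=100.0):
    """Return (account, km, hours) for consecutive logins implying speed > max_kmh.
    Jumps shorter than min_km are ignored because IP geolocation is imprecise."""
    alerts = []
    last = {}  # account -> (time, lat, lon) of the previous login
    for account, ts, lat, lon in sorted(logins, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if account in last:
            prev_when, plat, plon = last[account]
            km = haversine_km(plat, plon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600.0
            # A large distance with zero elapsed time is always an anomaly.
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                alerts.append((account, round(km), round(hours, 2)))
        last[account] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for account, km, hours in find_impossible_travel(SAMPLE_LOGINS):
        print(f"ALERT {account}: {km} km in {hours} h")
```

In production the coordinates would come from geolocating the source IP of each sign-in event, and VPN or campus proxy egress addresses would need an allowlist to keep false positives down.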