Ransomware, a costly affair

Reputation damage, financial losses at risk.

Remote collaboration is one of the huge benefits of the Internet age we live in, but it comes with its own set of risks, such as malware attacks. Higher education institutions are not immune. For example, in March 2021, the FBI publicly warned of an increase in a particular type of ransomware attacks aimed at educational institutions in 12 US states and the United Kingdom. 

Attacks such as these are costly on several levels. Most obvious are reputation damage and direct financial losses for organizations that pay the ransom. Reported losses, however, probably underrepresent the true cost, because many victims do not come forward due to the potential damage to their reputation from public acknowledgment of a successful cyberattack.

New vulnerabilities

Educational institutions can be prime targets for cyberattacks.

The very qualities that make educational institutions valuable can make them vulnerable as well.

Universities often conduct cutting-edge research. Cybercriminals can extort institutions by encrypting their intellectual property (IP) and demanding a fee to unencrypt it. They also can steal the IP produced by researchers and sell it to third parties for financial gain.

Apart from their IP, universities must also protect the people within their ecosystems. This includes guarding against risks to the personal safety of students when physical access to school facilities converges with logical access to IT resources. Think key cards for building access. 

Additionally, they need to protect students’ personal data. College students rely heavily on their smartphones for everything from online class participation to pizza delivery. Unfortunately, hackers are increasingly using mobile devices as an avenue for attack.

Universities that operate medical centers or health clinics must go further to safeguard patients and their private health information. This can even include protecting the welfare of animals in university veterinary or research facilities. 

Dynamic environment 

Research universities by their nature have information systems that are open to a wide range of users with varying levels of computer expertise. 

Most people are not hyper-focused on cybersecurity, and this includes university students, faculty, and staff. Compounding the problem, higher education institutions experience a constantly shifting user population, as students (and sometimes faculty) cycle through the university system and often change roles over time. Students can become staff or faculty, and staff can become students, making it difficult for IT administrators to match account access privileges with current roles.

Beyond that, universities face the challenges of expanded remote online teaching and learning in response to the pandemic, as well as the general ongoing shift to cloud environments for data processing and storage.

Evolving IAM

With the cybersecurity industry’s increasing focus on defending individual digital assets instead of trying to protect the network perimeter, IAM is getting more attention.

A user’s unique identity can serve as the cornerstone of information security if a robust IAM program is in place. But it doesn’t happen easily or quickly.

Some unique functions within IAM have become so specialized that they are now beyond the capability of many institutions. This has led them to turn to professional services firms for a comprehensive solution, according to Gartner. Good IAM partners are maturing to security allies who are regularly consulted about direction, strategy, and changes in technology. 

This added perspective is much needed because IAM solutions must continually evolve to meet shifting security demands of online behavior, regulatory requirements, and new identity standards and best practices.