Schools, colleges, and universities are very attractive targets for data hackers.
Cyber attacks have been on the rise in higher education, most recently the Wannacry campaign struck institutions in Asia, where there were widespread reports of attacks at universities, with students locked out of their theses and final papers as graduation loomed.
Why are educational institutions such rich targets? For one, they are often a unique mixture of public and private networks. Schools and universities are highly connected environments, with very high rates of file sharing. Every day there are thousands, even tens of thousands, of students, academics and employees circulating and using laptops, tablets, and smartphones to access institutional data every single minute. The networks used can be public unsecured wifi, personal data accounts from local carriers, or department specific private networks. Each of these has independent security controls or lack thereof.
A second factor that puts educational institutions at greater risk is the fact that many are running legacy systems. Many schools have been around since long before the advent of the internet, and while they grew with modern technology they often have dated approaches to security. The academic culture is one of sharing, which naturally creates a porous environment.
The third main factor and the one of most concern is that schools maintain rich troves of both alumni personal information and of valuable research and intellectual property.
The Risk of Academic Research and IP Being Hacked
It’s important to understand the potential value that academic research and IP has. While not simple to quantify, there are the prestige and respect that institutions gain when breakthroughs are made within their departments and on their campuses. While that is important for both alumni fundraising efforts and in attracting the best students, a more concrete factor is financial.
In the United States, the Bayh-Dole Act of 1980 first established that universities were allowed to profit off of federally funded research by selling or licensing research discoveries to companies. Essentially, the act created a universal patenting policy among federal agencies that allows universities to retain the title to inventions. Since then, spectacular successes like Northwestern University’s $1 Billion windfall in royalties from Pfizer for Lyrica, its anti-seizure drug, has opened the eyes of university chancellors hoping for similar breakthroughs.
Technology transfer has not been widespread, however, so schools are beginning to create research based startups, industry specific workforce curricula, industry sponsored research and in certain cases technology consulting, all in an effort to attract new sources of revenue. All such initiatives will fall prey to the same targeting by malicious actors using malware to hijack material either for ransom or in outright theft.
There is also the reality that schools often have access to third-party research, intelligence, or intellectual property (government, private sector, etc.). In Europe, where the EU has led to greater and greater collaborations amongst not only institutions but countries themselves, numerous studies have demonstrated that the overall value generated by public research is between three and eight times the initial investment. In terms of annual rates of return – the median values are in the range of 20% – 50%.
Research and IP benefit societies as wholes, generating financial gain, stimulating the private sector, impacting public policy, the economy, commerce, health, culture and more.
As academia has become the hub and repository of critical applied research in science, business, and technology, the threat to intellectual property is a real and present danger.
What can be done?
The growing number and sophistication of malware attacks have elevated the importance of cybersecurity and risk management in general. For the educational sector, both the bar and the risks are high.
Educational institutions must evolve and adapt to the realities of malware and cyber health. Part of this is a maturing of approach to immediate and long-term security threats. Mounting a comprehensive effort, including threat hunting, can address many of the security challenges malware poses.
Rather than taking on the monumental effort of scrapping the legacy systems and adopting new infrastructure, a simple and easy way to scour network endpoints for malware and suspicious code would equip institutions with a tool they can use to protect their data.
Infocyte HUNT offers educational institutions the ability to proactively and iteratively hunt malware and other persistent threats that have evaded defenses and reside undetected. A factor often overlooked particularly with ransomware, is the secondary malware that such attacks often seed. Once the primary breach is dealt with, institutions often have no avenue to ensure that additional payloads dropped have been found and addressed.
The Forensic State Analysis (FSA) approach used by Infocyte HUNT enables an organization to schedule regular scans of endpoints, as often as desired, to find any cases of suspicious activity. Once malware is identified – users can then take steps to remediate the security breach. There is no need to wait for a high profile event, such as a data breach, to call attention to the breach and precipitate discovery.
Read more about malware and its impacts on educational institutions, and how Infocyte HUNT offers an easy to use platform that hunts malware.
More from our blog
Despite the rich data provided by SIEMs, organizations find themselves drowning in false positives, making it difficult to focus on high-priority events. This problem of alert fatigue prevents cyber security teams from identifying and addressing real threats – impacting small teams with no SOC, large enterprise teams with a SOC, and MSSPs overseeing the security for many SOCs/customers.Read More »
In 2018, the U.S. Healthcare Industry Remained a Hot Target for Data Breaches. Last year alone, over 15 million patient records were affected with an average of one data breach occurring every 24 hours in the healthcare industry. It goes without saying that hackers and cyber attackers are finding ways around/through/past security defenses—exploiting vulnerabilities and…Read More »
A Brief History of Forensic State Analysis Prior to starting Infocyte, our co-founders, Chris Gerritz and Russ Morris, created the first enterprise-scoped threat hunting team for the entire U.S. Department of Defense. Their teams were responsible for hunting, detecting, and responding to highly sophisticated attacks across an 800,000-node network. With virtually unlimited resources and access…Read More »