Dive Brief:
- The design of higher education campuses with decentralized control over data and network access from a range of personal devices makes them especially vulnerable to cyberattacks.
- When reports surface of successful hacking attempts at individual universities, it likely means other schools have been affected, too, as experts say hackers tend to target entire industries.
- The FBI alerted Penn State to two breaches to its College of Engineering's network last fall, and a May security upgrade revealed two additional breaches at the College of Liberal Arts that dated back to March 2014.
Dive Insight:
Penn State estimated that an average day in 2014 came with more than 22 million “overtly hostile cyberattacks.” Its security apparatus worked to repel and withstand billions of attacks over the course of the year, but a single vulnerability in the College of Liberal Arts' network allowed hackers to access usernames and passwords. Malware provided a ticket into the network in the university’s other cyberattacks.
Penn State is now working to set up a two-factor authentication protocol that will roll out in the coming months. It requires users to input their password as well as a one-time code with each login attempt. This protects against malware, as a hacker would find it harder to recreate the login experience and trick a user into providing sensitive information. Vulnerabilities in the security apparatus itself that let hackers access the network directly, however, will need to be resolved another way.