Dive Brief:
- A recent report from the Digital Citizens Alliance shows 14 million .edu email addresses and email passwords from the 300 largest higher ed institutions in the U.S. were available for sale on the "Dark Web."
- Campus Technology reports that 11 million of those uncovered in the most recent search of the Dark Web were found in the last year, and that many of the user names and passwords were likely compromised when users accessed them in non-academic settings.
- Hacktivist organization Team GhostShell's leader, a 25-year-old Romanian hacker nicknamed "Dead-Mellox," provided researchers behind the report with insights on the vulnerability of .edu addresses, as well as the surplus of valuable data, intellectual property and research that higher ed institutions have compared to commercial businesses or government agencies.
Dive Insight:
Education has become an increasingly lucrative target for hackers over the past several years. As such, the role of the CIO or CISO has become increasingly prominent on campuses. But there's also no magic bullet to stop 100% of cyberthreats.
What is certain is that — beyond strengthening networks, perimeter security and budgets — preventing a vast number of these attacks begins with end-users. At the University of Dayton, Associate Provost and CIO Dr. Thomas Skill last year kicked off a proactive, year-long campaign to promote "cyber mindfulness" among faculty, students and staff, encouraging them to think of everything they do as a potential risk to security.
A good place to start: working with a third party to run phishing tests, sending the latest updates and warnings, and implementing two-factor authentication.