Dive Brief:
- College students and staff may be either initiating or unwittingly allowing cyberattacks, which are a persistent threat to higher education, according to a report from Jisc, a British nonprofit digital support network for universities.
- The researchers looked specifically at colleges in the U.K., where they saw a pattern in DDoS (distributed denial of service) attacks, which disrupt or slow service. Those attacks occurred during the day and when institutions were in session, suggesting the problem might be students or staff. It noted that in some cases the attacks could be traced to off-campus opponents of students playing online games who hoped to slow the network in order to win.
- Although it is difficult to pinpoint the role of students and staff, the report cautions colleges to pay attention to these and more advanced attacks. Jisc research shows that institutions often don't make security a large enough priority.
Dive Insight:
The number of DDoS attacks increased 16% from 2017 to 2018 across all industries, according to a report from tech firm Akamai, which noted that the attacks are evolving and institutions should remain vigilant and agile. They are sometimes carried out by website-based services, which have shut down popular sites such as Twitter and Reddit, CNET reported. Officials in April took down one site that charged clients as low as about $19 a month to carry out attacks, and had launched 4 million of them.
Education institutions are common targets of malware attacks, which include DDoS, and ransomware attacks due to the type of data that can be accessed and how critical that information is to daily operations.
Earlier this year, the U.S. Justice Department indicted Iranian hackers that had attacked 320 universities across 22 countries, nearly half of them in the U.S. In announcing the indictments, Deputy U.S. Attorney Rod Rosenstein said universities needed to "emphasize cyber security, increase threat awareness, and harden their computer networks."
Purdue Global, the university's online degree arm, named 10 areas where universities are vulnerable to cyberattacks. The list includes policies allowing students to use their own devices, the risk of DDoS attacks and viruses, use of passwords and frequency of changing them, and handling of discarded documents and hardware. Other experts have said institutions can increase cybersecurity in a variety of ways, including a combination of weekly vulnerability scans and occasional penetration tests.