Okay, I am going somewhere with this. Sit tight.
Over the last few months I have been noticing that academic institutions are beginning to become targets for ransomware attacks and the frequency was mounting. As I was browsing some of my favorite cybersecurity news sites this past week I was somewhat amazed to see how quickly the number of ransomware attacks at academic institutions has been growing. An article in the Washington Examiner on January 14th titled “Florida audit finds cybersecurity lacking in four of eight surveyed school districts”, which goes on to discuss how schools are lacking basic security controls and adequate authentication, but fails to discuss how they are identifying and addressing basic vulnerabilities that are a leading cause of ransomware attacks on many networked systems globally. On the previous day, January 13, an article titled “San Benito School Officials Share Cyber Attack Details” went into detail about how cyber criminals stole Social Security numbers and backing information from the school’s networked systems and posted the information on the Dark Web. A few days earlier on January 11th an article titled “Suspected cyberattack keeps largest school district in Iowa closed for second day” goes on to report how “A suspected ransomware attack on Iowa’s largest school district has closed schools for two days as technicians work to restore the computer system and protect data…”. Perhaps my favorite article of all, also on January 11th, was a story titled “Analysis of Vice Society finds that the hacking group times its attacks with school-year transitions”, which goes on to speak of hacking group Vice Society and that “…nearly 40% of the group’s attacks focus on the education sector, particularly in the US…” and that “the gang lines up their assaults on educational systems based on the school year”, using various forms of commonly available ransomware. They are very clever because they time their attacks during transitions where new students are entering the system, launching the attack at that time in order to cause maximum disruption and consequently help insure that they get paid quicker. I must say these ransomware attackers are getting more clever every day.
Now I can assure you that there are more stories out there, but to see this level of reporting on academic cybersecurity issues in a span of only 3 days is indeed indicative of a growing system of storms, in a manner of speaking.
Academic institutions are indeed very ripe targets. They are not organizations that typically have big cybersecurity budgets, and are unlikely to acquire the best and brightest talent as a result of this lack of budget. Having systems in place that identify vulnerable systems, combined with simplified and secure authentication, will certainly become more necessary as the threat continues to grow, especially since remote access is growing faster that administrators can secure school networks, and as I pointed out in my previous blog posting the massive growth in remote access is creating a crisis of its own, and academic institutions are probably the least prepared to deal with challenges.
The bottom line is this: The word is spreading fast. Academia is a ripe and easy target, and unless resources are directed towards resolving some of these issues very quickly, there is going to be a lot of flooding to deal with.