Home › Forums › Why are educational institutions a popular target for cyber criminals, and to what extent do educational institutions increase their vulnerability to cyber attacks by failing to update their software regularly? › Answer- Kevin Cox
- January 18, 2020 at 14:10 #6465
The education sector is one of the top three most frequently targeted sectors by hackers, alongside healthcare and financial services. Educational institutions, hospitals, and banks are popular targets for cyber criminals because of the data they hold. Data is a valuable asset these days, and can be easily converted to money on the black market (Dark Web) , or used to gain leverage to illegitimately influence another person’s , or indeed a population’s, decision making process. As far as cyber criminals are concerned a school’s or university’s database is a great target as it contains not only student performance records, but also student and staff social security numbers, employee bank account numbers, student medical info, students’ addresses, information about parents and family background, and other personal information. It follows reasonably that the breach of such databases will result in high costs to educational institutions. Cyber criminals know this, more often than not their main motive is to hold the breached educational institutions to ransom, and make them pay tens to hundreds of thousands of dollars (if not more) in crypto currency to restore access to victim administrators.
Funding, or lack of, is a significant contributing factor to the recent increase in cyber attack frequency. Publicly and privately funded educational institutions often do not set aside enough resources to develop cybersecurity programs, good cyber hygiene, or a business continuity plan to mitigate losses if a breach occurs. This is partly because staff may be brilliant teachers in their respective subjects, but have limited technical skills, and lack sophistication when it comes to technology. The age of senior management, not having grown up with laptops and smartphones, is not a point to be taken lightly. Indeed students with technical skills have hacked schools for entertainment, to change grades, and even in some cases to cyber bully other students. Teacher and administrator backwardness, when it comes to cybersecurity awareness and education, has been exploited by tech savvy students in lots of instances on all continents!
Failing to update software regularly increases the vulnerability of any individual or organization to cyber attacks, not just educational institutions! However this is not the main cause of vulnerability increase. In addition to previously highlighted contributing factors, we must acknowledge that users of a school’s system often have several roles, complicating identity management. Remote access, with users accessing a school’s system from home, or public Wi-Fi access points, complicates matters further.
While the use of insecure/unsupported, outdated, software provides an easy entry point for cyber criminals, it is one of many vulnerability increase factors. The biggest challenge to fighting cyber attacks may well be the inherent difficulty in implementing strong security protocols while maintaining a degree of openness.
You must be logged in to reply to this topic.