The dangers from cyberattacks are growing exponentially. At the same time, colleges and universities face significant IT staffing challenges.
Nearly two-thirds of campus leaders rank data security as one of their top concerns. In fact, data security is the number two concern of campus leaders this year, behind enrollment.Footnote1
With cyberattacks against colleges and universities on the rise, it's no wonder that data and network security are top-of-mind issues for higher education leaders. As education becomes more digital, the attack surface available to hackers has multiplied. Higher education networks are especially vulnerable to attacks because of the highly collaborative nature of research and scholarship.
Cyberattacks might not be completely avoidable, but there are steps that campus leaders can take to reduce the odds of a successful attack and protect sensitive information. The first step is for campus leaders to understand the nature of the threats their institutions face and where institutions are most vulnerable.
To enhance this understanding, here are three cybersecurity facts that every campus leader should know—along with recommendations to help institutions keep their networks and data secure.
1. The number of cyberattacks worldwide has exploded in recent years, and education is among the top targets.
An estimated 560,000 new pieces of malware are detected daily, and more than one billion malware programs are circulating worldwide. These figures suggest that as many as four new organizations fall victim to ransomware attacks every minute.Footnote2
The research and education sector is among the biggest targets for cybercriminals looking to steal sensitive information. According to Check Point Software, educational institutions experienced the highest number of cyberattacks in the first quarter of 2023, rising to an average of 2,507 attempts per college or university per week. That's a 15 percent increase compared to the first quarter of 2022.Footnote3
2. Most ransomware attacks against colleges and universities are successful and carry a significant cost.
Ransomware attacks in which criminals seize control of campus networks and demand a ransom in exchange for the return of mission-critical systems and data have become especially troublesome within higher education.
According to The State of Ransomware in Education 2022 report, which included survey responses from more than four hundred higher education IT professionals, nearly two-thirds (64 percent) of colleges and universities were targeted by a ransomware attack in the previous twelve months, up from 44 percent in 2021.Footnote4
The education sector is the least likely to stop data from being encrypted in a ransomware attack; however, nearly three-quarters (74 percent) of the ransomware attacks reported against colleges and universities resulted in data being encrypted by attackers. The average encryption rate globally across all sectors is 65 percent.Footnote5
These findings suggest that colleges and universities may be less prepared to defend against a ransomware attack than other types of organizations, perhaps because they lack the layered defenses needed to secure their networks.
The average cost to remediate a ransomware attack in higher education is $1.42 million. This cost includes not only the ransom but also the expense of restoring software and data systems to their original state.Footnote6
Aside from the huge financial impact, recovering from a cyberattack can take months, potentially causing significant disruptions to campus operations. In fact, higher education has the slowest recovery rate time of any sector. Most colleges and universities (40 percent) took over one month to recover from a ransomware attack, compared to the global average of 20 percent across all sectors. Nine percent of higher education institutions reported a recovery time of at least three months.Footnote7
3. Many campus IT departments lack the staffing they need to stay ahead of cybersecurity threats.
In the wake of the pandemic, many colleges and universities are dealing with significant labor shortages, and IT departments are among the most affected areas.
Campus technology departments nationwide are grappling with IT staffing challenges. Nearly three-quarters (74 percent) of campus leaders say that hiring IT employees is a "moderate" or "severe" challenge for their institution.Footnote8
As unemployment has dropped to record-low levels, colleges and universities have struggled to compete with private-sector businesses for IT talent. As Susan Grajek and the 2022–2023 EDUCAUSE IT Issues Panel noted, "Replacing staff has felt like bailing a leaky boat as resignations seem to, or do, outpace hires."Footnote9 Many IT employees are stretched to their limits in maintaining and supporting their current technology, and as a result, they might not have the capacity to defend against an increasing barrage of cyberthreats.
Recommendations for Campus IT Leaders
As campus IT departments face a growing number of cyberthreats and limited resources to deal with them, three key strategies can help campuses succeed.
Invest in Multiple Cybersecurity Defenses
A multilayered approach to network security offers the best protection against cyberthreats. In a multilayered approach, institutions employ multiple security systems and technologies—such as firewall services to protect internet gateways, antivirus and anti-malware software to shield network endpoints, and distributed denial of service (DDoS) protections to guard against DDoS attacks—to protect various operational layers. These defenses work together to enhance security by protecting against numerous types of threats as well as multipronged attacks that seek to gain network access through multiple channels.
Consider Managed Network Services
When colleges and universities purchase and install their own network infrastructures, they are accountable for implementing patches and upgrades to keep these systems secure. With a managed network services approach, institutions can extend the capabilities of overburdened IT staff and keep up with rapidly evolving network needs while enhancing security. Security patches and firmware changes are installed automatically, which helps to keep network systems continually secure and up to date.
Partner with a Trusted Provider
As ransomware attacks and other cyberthreats increase exponentially, campus leaders can't wait any longer to take comprehensive action to secure their networks and data from attacks. With campus IT staff stretched thin, a reliable service provider with extensive experience serving the higher education market can help.
Colleges and universities can balance the need for sophisticated protection and simplicity of operation by choosing security as a managed or co-managed service. Institutions that partner with Spectrum Enterprise for connectivity and security solutions are supported from design through implementation—and beyond.
- Rick Seltzer, "Here Are the Top Risks College Leaders Are Worried About this Year," Higher Ed Dive, January 6, 2023. Jump back to footnote 1 in the text.
- Chuck Brooks, "Cybersecurity Trends & Statistics; More Sophisticated and Persistent Threats So Far in 2023," Forbes, May 5, 2023. Jump back to footnote 2 in the text.
- "Check Point Research Weekly Intelligence Report," Check Point Research (website), May 1, 2023; Check Point Research, "Global Cyberattacks Continue to Rise with Africa and APAC Suffering Most," Check Point Blog (blog), Check Point April 27, 2023. Jump back to footnote 3 in the text.
- Puja Mahendru, "The State of Ransomware in Education 2022," Sophos News (website), July 12, 2022. Jump back to footnote 4 in the text.
- The State of Ransomware in Education 2022, white paper, (Abingdon, UK: Sophos, July 2022): 13. Jump back to footnote 5 in the text.
- Mahendru, "The State of Ransomware," July 12, 2022. Jump back to footnote 6 in the text.
- Ibid. Jump back to footnote 7 in the text.
- Megan Zahneis, "Higher Ed's Hiring Challenges Are Getting Worse," The Chronicle of Higher Education, March 31, 2023. Jump back to footnote 8 in the text.
- Susan Grajek and the 2022–2023 EDUCAUSE IT Issues Panel, "Top 10 IT Issues, 2023: Foundation Models," EDUCAUSE Review, October 31, 2022. Jump back to footnote 9 in the text.
Richard Twilley is Group Vice President, Vertical Markets, at Spectrum Enterprise.
© 2023 Spectrum Enterprise.