One might think that only big organizations with thousands of credit cards on tap would be a key target of cybercriminals, but in fact that is not the case. In recent months hackers have been focusing significant energy on malicious incursions into university infrastructures. The reasons for these attacks are simple: educational institutions tend to lack endpoint protection software and the student information universities keep on file can prove lucrative.
Iowa State University falls victim to attack
ISU is learning the hard way that it is no less susceptible than any business organization to a cyber attack. According to the Quad-City Times, a recent breach has succeeded in stealing Social Security information for nearly 30,000 current and former students. The incursion happened because a criminal was able to gain access to five servers containing information for students who had attended the school between 1995 and 2012, some of whom are still attending.
The university’s senior vice president and provost Jonathan Wickert apologized on behalf of the school for the attack but said ISU will make every effort to recover from the breach and ensure the information safety of its students.
“Iowa State has always taken information security very seriously, and we will continue to take every possible action to safeguard the personal information of those who learn and work here,” Wickert said. “We have well-regarded cyber defense experts here who not only protect university data, but educate others on how to prevent computer attacks.”
Although the university does have a defensive team in place, it appears those employees were not prepared for this breach, since university officials did not even discover data from the attack had been exposed until more than two weeks after the breach was uncovered. The lack of administrative ability to cope with an attack can be mitigated by a strong data leak prevention infrastructure, which works on behalf of the organization to stringently defend against such breaches.
ISU is not the only one to suffer an attack recently
The attack on ISU is not an isolated incident. The past few months have witnesses a series of similar incursions on universities, including an attack on the University of Maryland that left information for more than 300,000 university people exposed. And according to security expert Alex Holden, these attacks show no sign of letting up anytime soon. Holden – who serves as CTO of a security company – said his organization is currently helping one of its clients, a university-connected hospital, recover from its own data breach. The attack happened via a phishing email sent out to 17,000 people associated with the hospital. Holden said that the attack was able to take place because a hacker found access to a single user’s account, through which he or she was able to breach the rest of the system. Such university attackers stand to reap significant profits from students whose social security information they steal.
“[Students] may not have a lot of money in their accounts but when exploited in bulk they may be as profitable as a number of people further in their careers,” Holden said.
For this reason, all educational institutions are encouraged to enact robust endpoint security and control.