Why universities are so vulnerable to data breaches

Register now

As the rate of cyberattacks increases across the globe, universities are particularly vulnerable. In 2015, Pennsylvania State University and Johns Hopkins University were among several schools attacked by Chinese hackers.And more recently, University College London, one of the world’s premier universities, fell victim to a ransomware attack, following on the heels of a similar attack on the NHS.

Though these examples just scratch the surface, universities have found themselves ranked third for incidences of cyberattacks – but why? What makes universities so vulnerable and so desirable to hackers?

The Appeal Of Research

The primary reason that universities are so vulnerable to cyberattacks is that schools are home to potentially powerful data. Hackers see a .edu address and know that behind that simple string of letters is a vast trove of sensitive research. Many universities partner with the government on defense research, while others are engaged in the private sector, healthcare and other highly valuable topics. Attackers know this and that’s why they strike universities.

In fact, university addresses are so valuable to hackers that people actually sell college email addresses on the Dark Web. These addresses can lead to stores of personal student information, in addition to university-based research.

High Value, Low Security

In addition to housing valuable research and massive amount of private student information, universities are prime targets for cyberattacks because their operating systems aren’t upgraded often enough. This generalization may apply to schools as a whole – a common problem for Chinese universities, for example – as well as student computers. Students’ computers are an ideal point of entry for hackers.

With so many computers on a campus, and therefore almost endless possible ways to break into university networks, hackers are at the ready. Overconfidence doesn’t help any either. Most organizations are convinced internal data is safe, despite evidence otherwise. Universities need to step up their internal systems coverage if they’re going to keep hackers out.

Blocking Further Attacks

How can universities fill the gaps in such extensive systems and prevent future cyberattacks? It will take a coordinated effort on many levels but universities are stepping up.

In response to the 2015 attack that broke through their system, Johns Hopkins has begun holding cyberterrorism drills, staging ransomware attacks on their own servers, and coordinating the work of numerous internal departments to prevent data theft, and they’re not alone. Other universities are making similar efforts.

At Arizona State University, researchers are partnering with teams at five other universities to combat ongoing cyber threats, using tools including computer science, game theory, and cognition research to develop a battlefield-style defense strategy against cyber crime. Their research has even attracted the attention and financial support of the Army Research Office.

Cybercrime is the next great frontier, but it seems universities didn’t expect the threat to hit so close to home. For the time being, they will need to be vigilant – universities will always be home to valuable information. How they protect that information will set the stage for all other industries.

For reprint and licensing requests for this article, click here.