Contact Cybernon Today
We will answer all inquiries within 24 hours.
Often times higher education is not thought of being an industry targeted by cyber criminals for ransomware attacks, however nothing can be further from the truth.
K-12 schools are not going unscathed either from cyber attacks and will only get worse in the near future. A ransomware attack caused Albuquerque Public Schools, the largest district in New Mexico, to close down for two days in mid-January of 2022.
One of the most extreme examples of a school being affected by a cyberattack is Lincoln College. After a 157 years of operation on May 13, 2022 the school was forced to close. Initially hit by the COVID-19 pandemic with limited recruitment the final blow came in the form of a severe ransomware attack that limited the faculty’s access to critical school data, making it even more difficult for the school to find new potential students and keeping the doors open.
Ransomware attacks, if successful can result in damage to institutional reputation, productivity, and the ability to operate for school institutions costing thousands of dollars if not prepared. While ransomware and other threats have been around for a while, tactics are evolving and growing to find new ways to penetrate an institution’s IT infrastructure and information systems.
Ransomware tends to happen when school institutions have not updated their IT infrastructure (servers and software) exploiting vulnerabilities, poor systems patching and weak endpoint protection. Institutions need to take a proactive approach by incorporating cyber-hygiene through patching or updating systems and increasing awareness through user training to prevent these types of attacks before they occur. Institutions also need to be prepared to respond when prevention fails.
Third-party risk – those vendors who have access to the institution’s infrastructure – is also coming under scrutiny (as it should). For example, the vast majority of institutions use a student information system from a vendor, e.g., Salesforce, Oracle, Jenzabar, Ellucian, and those applications have detailed personal information on 1000s of students.
Now think of the SolarWinds hack – a nation-state hacked the company that updated 1000s of companies’ computer systems. If that were to happen to your SIS vendor, hackers could have access to literally millions of student records. This is why institutions are beginning to take an inventory of third parties that the institution does business with through contracting, and ensuring that they have the proper cyber-hygiene procedures in place.
Leaders need to know what data is being provided to these third parties and contractually how that third party will use that information. Supply chains also can create risks as well.
Third-party risk – those vendors who have access to the institution’s infrastructure – is also coming under scrutiny (as it should). For example, the vast majority of institutions use a student information system from a vendor, e.g., Salesforce, Oracle, Jenzabar, Ellucian, and those applications have detailed personal information on 1000s of students.
Now think of the SolarWinds hack – a nation-state hacked the company that updated 1000s of companies’ computer systems. If that were to happen to your SIS vendor, hackers could have access to literally millions of student records. This is why institutions are beginning to take an inventory of third parties that the institution does business with through contracting, and ensuring that they have the proper cyber-hygiene procedures in place.
Leaders need to know what data is being provided to these third parties and contractually how that third party will use that information. Supply chains also can create risks as well.
Contact Cybernon Today
We will answer all inquiries within 24 hours.