Cyberattacks target the education sector

Cyberattacks target the education sector

Cyberattacks are on the rise. The pandemic has been the cause of much disruption to our daily lives and our shift in behavior – in response to the crisis – has meant a greater dependency on technology. In our time of uncertainty and adjusting to a ‘new normal’, cybercriminals have exploited our vulnerabilities and intensified malicious attacks on corporate and governmental infrastructures.

According to a recent Carbon Black report, ransomware attacks spiked to 148% in a single month from February to March 2020. While most sectors are susceptible to attacks, certain industries have been targeted with greater intent as of late.

The education sector has faced many unprecedented challenges including the shift to remote learning approaches. The surge in online activity has meant more data being collected by institutions – making a college or university increasingly vulnerable to the threat of malicious software. The cybercrime industry evolves as quickly as the technology we use and so institutions face an ongoing battle trying to create more robust systems to mitigate the harmful effects of an attack.

The BBC reported that some UK universities have been the most recent victims of a cyberattack. According to reports, a handful of institutions have had data stolen after hackers attacked a cloud computing provider.

It is believed that the hack targeted management software provider, Blackbaud – deemed the largest provider of education, administration and financial management software.

The BBC has confirmed that that the following Institutions were affected:

  • University of York
  • Oxford Brookes University
  • Loughborough University
  • University of Leeds
  • University of London
  • University of Reading
  • University College, Oxford
  • Ambrose University in Alberta, Canada
  • Human Rights Watch
  • Young Minds
  • Rhode Island School of Design in the US
  • University of Exeter

According to the announcement on the Blackbaud website, “The cybercriminal removed a copy of a subset of data from our self-hosted environment.” But assured their clients that “The cybercriminal did not access credit card information, bank account information or social security numbers.”

A weak cybersecurity infrastructure can have serious implications for an institution, as data comprises of sensitive student and staff information including names and addresses.

According to reports, the incident occurred in May 2020. The company emphasized that the malware was “discovered and stopped”. Blackbaud also stated that the copy of the data was destroyed by the hackers after they (Blackbaud) had paid them the demanded sum of money.

Security breaches of this scale shed light on the complex cybersecurity landscape. While most solutions safeguard against attacks, cybercriminals and their advancing techniques can (at times) challenge and perplex industry leaders.