It is hauntingly clear – cyber criminals have set their eyes firmly on universities, research institutions, and centers of higher learning in the United States and other parts of the world. If the cyber attacks of the past few weeks are any indication, universities are now facing the biggest threat to information security.
- On July 17, 2013, personal information of more than 72,000 staff members (past and present) of the University of Delaware in Newark was compromised. Hackers obtained the information (names, addresses, social security numbers, etc.) by exploiting a vulnerability in third-party software that the university used.
- On July 18, 2013, during a routine security scan of IT resources, the University of Hong Kong found that a Trojan had been planted, which had mined the user names and passwords of more than 3676 accounts, including more than 250 administrative accounts.
- On July 24, 2013, Stanford University announced that its computer system had suffered a security breach and advised its users to change their passwords. The university, however, said that the scope of intrusion was not known.
- In January this year, Mississippi State University was the target of a cyber attack on one of the university’s servers. However, the investigation conducted later confirmed that there was no loss of secure data.
In April this year, Universities UK, a representative body of 133 universities in the UK, issued guidance on how institutions should defend their research from cyber attacks.
The incidents listed so far are just a sampling of the cyber incidents that have happened in the last few months. These incidents have come as a rude shock to the academic community because, so far, only commercial establishments, such as banks, financial institutions, and Fortune 500 enterprises, had been the targets of cyber criminals across the globe.
Universities – paradise for hackers?
Academic institutions mostly concentrate on research and accord top priority to information exchange, collaboration, and a culture of openness. Naturally, IT security, which often creates various kinds of access barriers, takes a back seat. Hackers always look for loopholes in security settings. And, it’s no wonder that universities, with their low emphasis on IT security, have become a hacker’s paradise.
Why do hackers target universities?
- Universities deal with a vast amount of intellectual property acquired through active research. Research by Nobel laureates is invaluable and could fetch hackers a premium. The servers of the institutions where Nobel laureates are working are potential targets for hackers!
- Destroying path-breaking research, or espionage, could also be the motive.
- Universities handle consultancy services involving large sums of money.
- Bigger universities play many roles like commercial establishments – they deal with the personal data of students and staff; store sensitive financial data; collect and manage funds; run hostels, which are bigger than commercial restaurants; and perform a host of other services. Hackers look to gain access to credit card details and other personal info.
- Moreover, cyber criminals are now keen on siphoning off login credentials of employees and administrative passwords of IT resources by using techniques such as spam and phishing emails, keystroke loggers, and Remote Access Trojans (RATs). Identities stolen in this manner help hackers access several other online applications, because users normally reuse the same passwords across applications.
How to combat the threat?
Clearly, a major challenge that the top universities face today is defending their intellectual property. Mobile devices, cloud computing, and virtualization have all made information security quite complex. Therefore, combating sophisticated cyber attacks on universities demands a multi-pronged strategy that would incorporate a complex set of activities.
We’ll discuss the combat strategies in the next post!