Data Breaches - What are they?
Data breaches are a form of cyberattack that occurs when cybercriminals infiltrate a computer system or network, accessing private, sensitive and confidential data.
Nobody is safe, in fact the biggest names in the industry have faced the highest sanctions for not safeguarding their data sufficiently. Recently Facebook, Google, and Apple experienced breaches, and 3800 data breaches were publicly disclosed for the first half of 2019.
Universities have become the new target for hackers, with over 1000 targeted in the last year alone. A recent test of institutions’ defences revealed that hackers can extract sensitive data in as little as two hours.
Recent Data Breaches in Universities
A sophisticated and malicious attack on Lancaster University occurred in July 2019. The university later revealed they had sustained at least two breaches of data. Hackers were able to gain access to data records that included names, addresses and emails. Additionally, undergraduate applicants for the year 2019/2020 received fraudulent invoices enticing them to make a payment and compromising their parents’ details.
University of Greenwich
The University of Greenwich was fined £120,000 ($160,000) for following a data breach that compromised information for 19500 students. Acquiring the data from an unprotected microsite created by the university to hold data dating back to 2004. One of the very first fines to be issued under the Data Protection Act of 1998.
One attack, three targets: Oberlin College, Grinnell College, and Hamilton College
Cybercriminals were able to infiltrate an applicant portal used by three American universities gaining access to the applicant’s information. This resulted in applicants receiving emails, offering them access to confidential information regarding their admission file for a fee, consequentially each applicant paid at least $3800 for their file.
Network administrators in higher education institutions should consider the value of the data they hold and compromising it would be should a data breach occur. The frequent and recent university data breaches are a wakeup call for IT admins. Responsible for securing sensitive data for students, employees, alumni and other stakeholders, including parents. You need to be a step ahead of hackers to save the university from public embarrassment and expensive lawsuits.
Common Data Breaches and How to Prevent them
Distributed Denial of Service attack (DDoS)
Disrupting network services or connectivity, DDoS bring organisations to a standstill, making it inaccessible to a network, denying service for users for a target resource.
Safeguard your Institution: Ensuring you have multi-layered protection strategies in place. Combining firewalls, VPN and content filtering.
The most common and simplest way for a cybercriminal to gain access to networks.
Safeguard your Institution: Ensuring strong password creation that doesn’t include personal details such as name or DOB, include safe password storage such as a password management tool, and frequent password changes.
The Human Factor
Cited as the top cause for data breaches, humans continue to make errors that compromise universities. It can be as simple as sharing and downloading a file or clicking a malicious link.
Safeguard your Institution Ensuring staff and students have adequate and sufficient training, encouraging them to be more vigilant and simulating attacks to increase their awareness.
Almost half of the applications of your computers have a sell by date, meaning frequent updates are needed or facing a security risk. Out-of-date software exposes vulnerabilities and allows attackers to infect networks with malware.
Safeguard your institution: Ensuring that software, systems and applications are up to date is an effective method that can go a long way in protecting against cyberattacks.
Phishing schemes can manipulate users into downloading malware via email. Allowing cyber criminals to obtain credentials, and usually doing so undetected.
Safeguard your institution: Having effective anti-malware software and tools preventing viruses from entering your network in the first place is essential.
Through social engineering techniques cybercriminals can target potential victims, using social media platforms to substantiate the data that they collect creating enough credibility to execute their attacks.
Safeguard your Institution: Attention to detail really helps in identifying suspicious emails, focusing on the message content, attachments and inspecting the URLs. Providing awareness training to staff and students will enable them to take a minute before clicking on a link.
Prevention is always better than cure, which is why Barracuda’s applications can help you safeguard your network from the start, allowing you to manage your IT infrastructure seamlessly. Data security should be an absolute priority for universities, this report details security solutions your institution can deploy. Stay ahead of the curve, neutralising issues before they cause any real damage.