Schools are rarely known for holding huge amounts of financially valuable information in their vaults, such as credit card details. However, that doesn’t make them less of a target to hackers than many other organizations. In fact, cybercriminals are stepping up their attacks against educational institutions, as demonstrated by September’s ransomware attack on a school in Florida Keys.
Recent studies show that around 20% of all educational establishments have been hit. Contrary to popular belief, hackers aren’t only interested in going after high-value targets in sectors like finance and healthcare — they’re looking for any opportunity to make a quick buck. Here are five things that criminals are looking for when they target schools:
#1. Easy targets
Schools and universities tend to have large tech infrastructure to support innovative learning. In fact, these often store more data than many large enterprises. Despite their investments in IT, they often lack the security controls needed to ward off hackers, making them easy targets.
Moreover, hackers find it easy to lure college students with the false promise of employment. It is ironic that many educational institutions still fail to educate their students about phishing and other social engineering scams.
#2. Valuable research data
Payment details aren’t the only form of valuable information out there. In the education sector, universities often have access to or generate a large amount of research data that can fetch a lot of money on the black market. In April 2017, two universities in Singapore were targeted by a carefully planned attack that attempted to steal classified government research data.
Many universities work in conjunction with governmental organizations to do technology research and development projects that have large-scale economic, political, or military implications. This is why these sorts of attacks are often carried out by or on behalf of rival nation states.
#3. Access to larger networks
Educational institutions have vast networks of computing systems, which means there are more ways to attack them than, say, a typical small business. Given the increased number of opportunities, hackers often target schools to access sensitive data (even if they don’t host it on location) or gain entry to something much bigger, such as a government portal that students might have access to through the school.
It’s much harder to keep a watchful eye on every account when you’re dealing with hundreds, and sometimes thousands, of students. This means it’s relatively easy for hackers to create fake accounts, test the limits of a security system, or try to sneak a peek at sensitive data without raising as many red flags as they would at a small business.
#4. Targeted scams
Recent years have seen an alarming rise of sophisticated spear-phishing scams. Spear-phishers conduct extensive research into a specific victim to make themselves appear as people whom the victim know and trust.
Since educational institutions often hold a great deal of information about their students, spear-phishers love to gain entry to these databases and download whatever information they can. With birthdays, home addresses, and other sensitive information, hackers have a much easier time impersonating a friend or family member.
#5. Email addresses ending in .edu
This one might come as a surprise, but some of the data hackers look for the most when targeting educational institutions are login credentials for student email addresses. Because most email addresses generated by colleges and universities have the .edu domain, they can present advantages that others do not, such as student discounts on software.
Hackers also harvest school-issued email addresses to carry out targeted social engineering attacks by using them to masquerade as people known to the victim. For example, an email might appear to legitimately come from a fellow student. Unbeknownst to the receiver, that student’s account has been infiltrated by a hacker.
School employees and students alike must be wary of unsolicited or unexpected emails, as well as emails that ask for account credentials out of the blue.
Online Computers provides technology solutions, services, and expertise to companies throughout Northern New Jersey. Call today, and leave your technology challenges to us.
Like This Article?
Sign up below and once a month we'll send you a roundup of our most popular posts
Did you like this blog? Here are some similar topics you might be interested in:
Learn about the the different types of hackers and why they may be targeting your organization. Read more.
The best way to prevent your organization from being a victim of social engineering is to make sure your employees can recognize a them when they see them. Read more.
The education sector is one of the industries that can take advantage of cloud computing. Read more.
