Cybercrime is a concern for every industry; however, in recent years there has been a significant increase in the number of cyber attacks on academic institutions.
70% of UK universities have fallen victim to phishing attacks, and just last week international students at The University of Manchester were targeted with an email phishing scam. Several students received a fake invoice via email requesting they pay for mandatory services for their arrival in Manchester.
This was closely followed by a sophisticated cyber attack on Lancaster University. Data from undergraduate applicants for 2019 and 2020 was accessed and student record systems were also breached in the attack. The university immediately informed the affected students and reported the matter to the Information Commissioner’s Office (ICO).
Unfortunately, this problem is by no means just restricted to the UK. The US Department of Education recently announced that hackers breached 62 colleges and universities across the country. By exploiting a software vulnerability, the attackers were able to gain access to college systems and start creating fake student accounts for malicious purposes.
The damage from these cyber attacks can be far-reaching. Apart from the financial sanctions imposed by regulatory requirements, the university’s reputation can be significantly damaged. This can, in turn, affect potential income streams, as it may be more difficult to secure funding or attract organisations or governments to take part in new research projects.
Why are academic institutions such an attractive target?
Academic institutions have become an increasingly attractive target for cybercriminals due to the wealth of personal data they hold. Personal details, such as name, address, phone number, date of birth, bank account information and driver’s licence details are all provided by students when they enrol on a course. If hackers can gain access to this valuable information, they can then use it to commit identity fraud or cash in by selling it on to criminal third parties.
In addition to this treasure trove of information, academic institutions also handle large sums of cash, such as admission fees, research funding and payroll, as well as specific departmental budgets. Hackers will use sophisticated business email compromise (BEC) scams and phishing emails to try to worm their way into these valuable and potentially very lucrative networks.
Universities also have endless access points, different IT policies across different departments, government-funded research and a high volume of connected users. Academic institutions are not regulated in the same way that critical infrastructure or financial institutions are, so they provide lots of attractive weak points to exploit.
One of the easiest ways hackers can infiltrate a network is by targeting students. Students spend more time online than any other group of internet users and when they start higher education, they have a vast amount of log-in details and passwords to remember. Cybercriminals know this is a time when students are vulnerable, which makes them the ideal target for an online attack.
Phishing tends to be the favoured method of attack and the easiest way to trick students into revealing their personal details. Some of the more common scams include phishing emails designed to look like scholarship or grant applications. When the student clicks on the link within the email, they will be redirected to a phishing website where they are asked to enter their bank account details in order to receive the funding.
Social media scams have also grown in prominence and students are typically targeted with ‘get rich quick’ posts or told their account has been suspended pending further action.
How can universities protect themselves from an attack?
One of the best defences against evolving cyber security threats is user awareness training. MetaCompliance has created extensive Cyber Security awareness solutions, including content specifically focused on the education sector to address the unique threats faced by students and staff.
Using high-quality, graphically engaging content, students can gain a clear understanding of the threats they face and develop the skills required for effective cyber resilience.
Our targeted training courses cover a broad range of topics including:
- Everyday Cyber Security threats
- Essential phishing awareness
- Student safety
- The different scams used to target students
- Staying safe on social networks
- Dangers of malicious software
- Email essentials
- Securing mobile devices
- Laptop security
The courses are focused on real-life examples and use cutting-edge design, animation, and gamified eLearning to ensure that students are engaged and equipped with all the information they need to identify a cyber attack.
Universities can create customised training from an extensive library of short eLearning courses that can be tailored to their specific needs. The courses are easy to create and can be personalised and branded to make the content more relevant and authentic to students and staff.
To arrange a free demo of our award-winning training, contact firstname.lastname@example.org