Defending Higher Education Against Cyber Attacks
When Ferris hacks into his school’s computer system in “Ferris Bueller’s Day Off,” we are all laughing. How absurd, we think, that a student would go through so much trouble for a single day off, and we laugh. Hard.
We’re not laughing when it happens in real life.
University computer systems, storing data from every student, professor, and staff member, are a new favorite target for cyber attacks. A well-placed phishing attempt can lead to ransomware ravaging the entire network. In the year 2015, higher education was the third most-breached sector, accounting for 10% of data-breach incidents in the country.
Universities can suffer well over 90,000 hacking attempts daily. Rutgers University spent almost $3 million in cyber security after a malware attack resulted in shutting down class registration. This investment raised the already high student tuitions 2.3 percent.
Unfortunately, not all attacks are external. A student hacking into their school’s system to alter their letter grades is not unheard of. At Perdue University, a student changed all of his failing grades into A’s using a keystroke logger.
Multiple options exist to protect against possible hackers beyond utilizing the most recent malware protection. Most schools have a chief information security officer in place specializing in cyber security. Schools encourage students to obtain the latest firewalls, but only a few, like Indian University actually provide up-to-date malware protection software and scan student computers for the aforementioned software.
The most critical form of student protection, however, is cyber security education and training. Tech Services for each school send out reminders for constant vigilance and updates containing a list of “red flag” phishing emails circulating the network. Taking one step further than a computer science major. The University of Tulsa and Carnegie Mellon have classes (and even teams) focusing on hacking computer systems and writing malware code. The intent is to develop the next generation of cyber security “good guy hackers,” those who know the methods of potential hackers and can thus prevent and even counteract cyber attacks.
Addressing the hackers who are already in the system is a more daunting task, but steps are being taken. After the student’s hacking attempt, Perdue University replaced their keyboards to flat Apple models, a design notoriously difficult to insert keystroke loggers into. After all, school should not be so easy that we could all pass at the touch of a button.