For a service designed to give consumers peace of mind, cyber insurance has become a convoluted and contentious subject. The skyrocketing rates of cyberattacks necessitate a parallel increase in cyber insurance costs. Paradoxically, this trend is forcing many higher education institutions to abandon their insurance plans just when they need coverage most.
A Perfect Storm
The abrupt, sweeping shift to telework in 2020 cast a harsh light on cybersecurity vulnerabilities throughout the nation’s higher education institutions. The education sector now suffers the overwhelming majority of malware encounters when compared to the financial and corporate sectors. Alarmingly, the increase in ransomware attacks against higher education institutions in the first year of the pandemic was so significant that the FBI’s Cyber Division released an advisory on the subject in March 2021.
Another contributing factor to this increase is that cybercrime has become relatively easy to perpetrate with modern technology. The tools and skills necessary to implement a ransomware attack are so rudimentary that some malicious actors cannot even retrieve the data they have stolen once a victim forks over the ransom. Of course, there is no refund policy for cyber-attacks, and therefore the victim is left without data or money, and the information they paid top dollar to get back is floating around in cyber-space.
Higher education institutions are a perfect target for cyber criminals given the confidential, groundbreaking research they conduct, and the minimal safeguards in place to defend that valuable information.
Moreover, the collaborative nature of universities promotes information sharing, whereas the access restrictions of security strategies like zero trust can create friction in the information sharing process.
Steps Institutions Can Take Now
Certain best-practice recommendations have become requirements for institutions interested in obtaining or maintaining their cyber insurance.
Recent attacks against the likes of Howard University, University of California San Francisco, University of Massachusetts Lowell, and many more have shown that with or without cyber insurance, changes to current security protocols must be made, and hastily.
1. One substantial change universities and colleges can implement to defend themselves is to limit the number of users in their network with administrative rights. Bad actors often seek to obtain credentials through phishing or malware schemes to gain entry to a network and the data within it, and since privileged credentials can access the most data, they are the most valuable.
Josh McDonough, Lead Solutions Engineer at BeyondTrust, has a decade of experience in IT and systems engineering. BeyondTrust is a worldwide leader in intelligent identity and access security.
- Changing campus safety with AI-driven video analytics - June 9, 2023
- Equitable access can improve course completion and student success - June 8, 2023
- A lack of cloud experience could harm students’ job prospects - June 7, 2023