This past week Howard University had to cancel classes due to “unusual activity on the University’s network”. As a result, their Enterprise Technology Services (ETS) team shut down the school’s classes for the day to investigate the situation which they identified as a ransomware attack.
This incident brought to light the consideration of how deep and wide the net can be cast when an attack takes place on an entity such as this. While nothing is confirmed with the Howard University incident, it does mean that we must pause to consider the range of data that could be compromised. A university or college is like a mini-city.
The data that the network contains might include:
- Personal data of students and faculty
- Financial information
- Healthcare information
- Research data
- and countless other possibilities that link humans, and their information, to the school
Schools are increasingly targeted by hackers as they can obtain such a variety and wealth of information and holding the data for ransom cripples them as it would any other business. According to research from Sophos, ransomware is more successful when it comes to education coming in at 56% of the businesses hit ending up with encrypted data, and 35% of them paying the ransom. Unfortunately, only 68% of those who paid were able to get their data back. The increase in attacks last year was likely a result of the education sector being mostly online during the pandemic.