Rising Threat of Ransomware and Other Malware
The major threats to operations in higher education in past years were funding shortfalls, natural disasters and dropping enrollments. Now, criminal cyberactivity has risen to a top concern.
The crisis is not just one for the IT department. It is one that must be met by every student, faculty member, staff member, college and department. We must be vigilant to any potential intrusions and instantly inform our experts — day or night, weekday or weekend. And we must implement backup systems, prepare for contingencies and create serious restoration plans.
Ransomware, in which a ransom is demanded to recover stolen digital data, has been around for decades. One of the first documented cases came at the World Health Organization’s 1989 international AIDS conference. Biologist Joseph L. Popp sent out 20,000 diskettes to attendees: “But after 90 reboots, the Trojan hid directories and encrypted the names of the files on the customer’s computer. To regain access, the user would have to send $189 to PC Cyborg Corp. at a post office box in Panama.” With the advent of the World Wide Web in 1992, cybercriminals took the stage by deploying an array of malware that included ever-increasing instances of ransomware. Instances of ransomware attacks are on the steep increase, especially with the emerging new target of remote employees who may have computer and network vulnerabilities in their homes.
Over all, damage, prevention, detection and other costs related to cyberattacks are predicted to reach $6 trillion this year — fully double the costs of just half a dozen years ago. Attacks against universities were up 100 percent in 2020 over 2019, with an average ransom demand of nearly $450,000. In fact, attacks have been so prevalent this year that the FBI issued an advisory that cyberextortionists were using type of malware called PYSA to not only demand a ransom to restore data, but also threatening to publish stolen data on the dark web. “The FBI does not encourage paying ransoms,” the advisory said. “Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”
So, what are we to do to respond? First and foremost, universities need to step up their game to protect data and individuals. Most universities have taken steps in this direction, but this is not a once-and-done task. Constant monitoring of attacks around the world as well as on campus must lead to daily updates and improvements in security. Some universities have created cabinet-level administrative positions and entire units dedicated to ensuring cybersecurity.
It is important that we all support efforts to enhance security and that we all be responsive to our IT departments. If they are rolling out extra security for email, for example, multifactor authentication, make sure you comply as quickly as possible. Be first in line to sign up for protections and migrate your data to designated secure spots.
Educause has released a Ransomware Higher Ed Playbook, sponsored by Rapid7. It is worth your time to read.
We can go the extra step to maintain good personal data hygiene. Delete files that are no longer needed. Don’t let your data hang around when and where they are not essential. Create your own personal data backup system. Brian Posey posted an article in 2019 on four best practices to protect personal data:
- Keep an off-line backup
- Use immutable storage
- Tap anti-malware apps
- Up the frequency
For many of us, our homes are still our offices. That means that institutional digital hygiene extends to your home computer, your home network and all of those in your household who use it. McKinsey provides this advice to businesses that is equally applicable to higher ed institutions: “They will also need to anticipate the next normal — how their workforce, customers, supply chain, channel partners, and sector peers will work together — so that they may appropriately engage and embed security by design. The new context of changing customer and employee behavior and a constantly shifting threat landscape must also be considered.”
We must be vigilant. The consequences are towering. What you do on your personal computer that is occasionally used for work is consequential. What the other members of your household do on that computer impacts the security of your university. Vulnerabilities in your home Wi-Fi network become university vulnerabilities.
Urge your colleagues and students to follow university guidelines and scrupulously follow safe practices. Ideally, dedicate a single computer only to work use. Use a VPN. Think twice about saving and storing anything online.
Are you vocally supporting your IT and digital security offices? They can use all the support you can give in gaining full compliance with safe digital practices. The security of your students and your institution depends upon you.
This article was originally published in Inside Higher Ed’s Transforming Teaching and Learning blog.
Ray Schroeder is Professor Emeritus, Associate Vice Chancellor for Online Learning at the University of Illinois Springfield (UIS) and Senior Fellow at UPCEA. Each year, Ray publishes and presents nationally on emerging topics in online and technology-enhanced learning. Ray’s social media publications daily reach more than 12,000 professionals. He is the inaugural recipient of the A. Frank Mayadas Online Leadership Award, recipient of the University of Illinois Distinguished Service Award, the United States Distance Learning Association Hall of Fame Award, and the American Journal of Distance Education/University of Wisconsin Wedemeyer Excellence in Distance Education Award 2016.
Other UPCEA Updates + Blogs
Whether you need benchmarking studies, or market research for a new program, UPCEA Consulting is the right choice.
We know you. We know the challenges you face and we have the solutions you need. We speak your language and have been serving leaders like you for more than 100 years. UPCEA consultants are current or former continuing and online higher education professionals who are experts in the industry—put our expertise to work for you.
UPCEA is dedicated to advancing quality online learning at the institutional level. UPCEA is uniquely focused on excellence at the highest levels – leadership, administration, strategy – applying a macro lens to the online teaching and learning enterprise. Its engaged members include the stewards of online learning at most of the leading universities in the nation.
We offers a variety of custom research options through a variable pricing model.