Harvard University in Cambridge, Massachusetts, experienced a data breach in October. Credit: Ilnur Khisamutdinov/Alamy
On 10 November, hackers gained access to a Princeton University database containing the personal information of those in the institution’s community, including alumni, donors and students. In October, similar data breaches occurred at the University of Pennsylvania in Philadelphia and Harvard University in Cambridge, Massachusetts.
These incidents are part of a broader trend. Over the past few years, cyberattacks have been on the rise at academic institutions around the globe. Not only are attacks time-consuming and costly to contain and clean up, but they have also caused university employees to lose access to essential digital services, such as e-mail and research software, for weeks — or even months — at a time.
“The number of cyberattacks is not relenting,” says Harjinder Singh Lallie, a cybersecurity specialist at the University of Warwick, UK.
Universities have been working to implement more robust security systems, but specialists say that academic institutions need to do more to shore up defences, especially against attacks that are assisted by artificial intelligence (AI), which might enable hackers to conduct breaches with greater speed and ease.
Toby Murray, a cybersecurity researcher at the University of Melbourne in Australia, says that in today’s political climate, in which competition between countries has been on the rise, “universities remain a really attractive target”. It’s often difficult to trace where attacks come from, but some have been traced to state-sponsored groups, and often involve the use of ransomware, malicious software that blocks data or systems until a payment is made.
NEWS: Cyberattacks are hitting research institutions — with devastating effects
What makes universities vulnerable?
Across all sectors, from government organizations to private companies, cyberattacks have been increasing. Specialists say that universities are particularly vulnerable because of the valuable data they house, such as employee records and intellectual property, and because these institutions are difficult to secure. Many universities have older, outdated security systems as well as diverse digital infrastructures and communities that can make it easy for hackers to infiltrate such systems.
“It’s going to get worse,” says David Batho, the director of security at Jisc, an organization that provides digital infrastructure to educational institutions in the United Kingdom. “Prevention is no longer enough. Building resilience is essential.”
A UK government survey carried out between August and December last year, revealed that the country’s educational institutions have had a high prevalence of cybersecurity breaches and were more likely to experience such incidents than were other businesses. According to an accompanying report, 91% of higher education institutions and 85% of further education colleges reported having experienced such an incident in the past 12 months.
Quantum hacking looms — but ultra-secure encryption is ready to deploy
