The new school semester has begun and is off to a great start. Your students are engaged, prepared and full of spirit. Ready for their first test, they log in to their online student portal to access the exam. Just as the test is about to begin, the website crashes. Panic ensues among the students, who instantly turn to twitter and email for help.
Here’s what happened: The school did not have proper website security in place and consequently was the target of a data breach that shut down its website. Higher education institutions are attractive and lucrative targets to cybercriminals. In 2015, the education sector was among the top three sectors breached, behind healthcare and retail. College campuses store a wealth of confidential student and faculty data, including medical records, financial information and intellectual property for products and prescription drugs. Some of the most common attacks cybercriminals use to breach higher education institutions are hacking, malware and DDoS attacks.
Hacking and malware were the cause of 36 percent of data breaches in the education sector in 2015. Hacking is a general term used when an unauthorized individual attempts to accesses sensitive information by directly entering a website, network or other entry point.
In 2015, Pennsylvania State University experienced two cyberattacks, in which at least one of the attacks used advanced malware to hack its systems. The cybercriminal behind the attack compromised the students’ usernames and passwords, which were used to access the school’s network.
When malware finds its way into your website’s code, it can be used to steal your sensitive data. To find malware with accuracy, use a website scanner. It will crawl your website for malicious signatures and links. Not all scanners can remove malware, but it is recommended you find one that can. The SiteLock INFINITY scanner is a malware and vulnerability remediation service that checks for and removes malware automatically. It will continuously scan your college’s website for complete security.
Learn more about malware removal here.
Over 30 percent of higher education institutions that experience one data breach, end up experiencing a second. Take it from Rutgers University, which experienced six DDoS attacks in 2015. The longest attack lasted five days. DDoS (Distributed Denial of Service) is an attempt to make a website or network unavailable by flooding the target with multiple requests. The source of the attack comes from hundreds (or sometimes thousands) of unique IP addresses at once. A successfully executed DDoS attack can take a site down for days at a time, which can cause headaches for professors and students alike.
As in the case with Rutgers, students were unable to reach certain online class portals, such as Sakai, an open source, Java-based course. Reportedly, a hacker named Exfocus was behind at least one of the DDoS attacks, and claims he was paid $500 dollars an hour in Bitcoin to launch the attack. Due to the number of cyberattacks, Rutgers was forced to raise tuition and fees by 2.3 percent for the 2015-2016 school year to pay for an increase in their IT cybersecurity budget.
During a DDoS attack, the attack traffic is originating from compromised computers, not the attacker’s computer. This makes identifying the cybercriminal very challenging.
Cybercriminals can use very sophisticated DDoS attacks that take down sites for long periods at a time. For comprehensive protection, look for a DDoS protection service that provides web application, infrastructure and DNS protection.
Don’t leave cybersecurity off of your back-to-school checklist. Prepare for a successful semester by protecting your students and faculty from data breaches. Contact the SiteLock security experts to help or call us at 855.378.6200. We’re available 24/7/365 to help.