As institutions and individuals create and store increasingly large amounts of data, cyber threats have become more common, and cybercriminals have become more incentivized to attack IT systems for the lucrative data they store. In countering these threats to their data, institutions would be well advised to shore up their defenses as they are only as strong as their weakest link.
As we progress further into Cybersecurity Awareness Month this October, Softdocs is hosting several webinars to help educate our customers about best practices for greater cybersecurity. During one such webinar, Steven Lowder, Application Security Architect at Softdocs, spoke about the current state of affairs in the realm of cybersecurity, the threats posed by cybercriminals, and how educational institutions can rise to face the challenges posed by these criminals.
Cybersecurity is a significant concern for all institutions and businesses. Some of the biggest cyber threats that small and medium businesses (SMBs) face are phishing, password loss, and ransomware. A study by Juniper Research estimates that cybercriminals will steal 33 billion records in 2023. Last year, according to an Emsisoft report, sensitive data from employees and students was stolen and released online in 44 of the 88 attacks, showing that educational institutions are not exempt from these attacks.
In fact, the Education/Research sector was the most targeted industry in 2021, with an average of 1,605 cyberattacks per week, up 75% from 2020. In terms of ransomware attacks, K-12 had the highest rate of ransom payouts in 2021, at 53%. Unfortunately, only 2% of educational institutions that paid the ransom ended up getting all their data back. According to the Emsisoft report referenced earlier, in 2021, ransomware attacks affected 1,043 individual schools across 62 school districts and 26 colleges & universities. In 2021, 40% of victims in the higher education sector took longer than one month to recover from a cyberattack. Are you prepared to mitigate these risks and prevent your institution from becoming part of these statistics?
The first step in dealing with a threat of this magnitude, and preparing to defend yourself, is to assess your processes and identify any weak links. After all, you are only as strong as your weakest link. As you assess your risk exposure, it is important to understand your landscape. Your biggest vulnerabilities are your users and your systems. Let’s address them one at a time.
Users: Whether it is due to negligence or laziness, even otherwise sincere and diligent employees can become sources of vulnerability. The direct way in which organizations try to fix this problem is through security training sessions. This is a good start, but building a security culture and mindset in people won’t be accomplished with a single, one-hour annual training session. It's more than a checkbox on a compliance form. When people come to work for your company, most of their jobs are not directly security-related, so their mindset isn't about protecting data. The goal should be to adjust the mindset of individuals so that security is incorporated into everything they do so that, while successfully doing their jobs, they're helping the organization be secure as well.
Systems: When it comes to digital access, even extremely competent IT teams with the best intentions are too generous in allowing access. 65% of companies give root access to people who don’t need that level of access to the computer system. 63% of companies fail to remove access for people who leave the company. Additional tools like multi-factor authentication (to confirm the identity of the user) and password vaults (to strengthen passwords) can also increase defenses against attackers.
At this point, it is also important to understand that not all risks are worth eliminating. You have to weigh the cost of fixing a weakness against the impact of its exploitation. Also consider how likely the vulnerability is to be exploited. While we all want a complete absence of risk, it might turn out that we can live with a small amount.
A thorough and honest assessment of your defenses against the horde of cybercriminals desperate to get into your data is a great way to begin the process of keeping your institution’s data secure. Educational institutions, in particular, due to their increased vulnerability, should take greater care in ensuring their institutional data is secure.