Cyber-attacks and information breaches within the academic sector have received much less media attention than attacks on health, financial and industrial sectors. Nevertheless, based on a number of reports since 2014, academic institutions are part of the 3 most targeted sectors. Furthermore, attacks against academic institutions have been around for over 3 decades, and they are not going away.
In the past couple of years, institutes such as Harvard University, Greenwich University and University of Montreal have been targeted. The academic institution’s size or location is irrelevant, they are all targets and this is based on the purpose of the attacks. A few reasons why academic institutions are attacked include: Obtaining exams prior to exam date; The change of records and grades; Academic research theft; Theft of financial and personally identifiable information (PII); Mischief and other malicious intentions against the institution. Academic institutions that have been hit could undergo high financial loss, loss of intellectual property and reputational damage.
In recent years, advances in technology have made it easier for attacks to be performed and successful. The main attack vector is through emails, which can be very vulnerable. Worldwide statistics show that around 75% of cyber-attacks originate from malicious emails. Students, professors and other staff within these institutions might have a low level of cyber awareness, leading them to open emails without thinking that it might contain malicious content.
Social engineering methods for deception are applied to lure the targeted victim to open an email. The malicious email can contain different types of infected files disguised as something else such as a CV, a meeting invitation or a request to review a research draft. These emails can also include a URL link to a compromised website pretending to show relevant materials to the targeted recipient. Accessing an infected attachment or malicious website through the URL link could open a direct connection to a command and control (C&C) used by the attacker. Once this action has taken place the hacker could steal, modify or encrypt data, having severe consequences on the affected victim.
Academic institutions are taking steps to mitigate such exposures to attacks. Implementing Firewalls, Secure Browsing, Antivirus software, Sandbox and even promoting cyber awareness are all part of a security framework. The real question is; How sure are they about their vulnerabilities to cyber-attacks?
Cymulate ensures that organizations won’t make any false assumptions about their security posture. Through a combination of offensive/defensive methods provided by a SaaS platform, Cymulate helps organizations to expose critical vulnerabilities in their security infrastructure before a real attack does.
Test now your organization’s email security and browser security with Cymulate’s advanced attack simulations. The assessment’s results might shock you or assure you that you have been performing well, it’s safe to say that after an assessment you won’t count on false assumptions.