This information comes in the context of a U.S. cyberattack where the entire University of California system was included in those victimized in the breach, and emails soon started arriving at university-related accounts threatening to release information.
The data breach involves the technology company Accellion, contracted by UC and others to transfer information. Those victimized in the breach have been warned to change their passwords and other credentials.
Looking into the issue for Digital Journal is Matt Sanders, Director of Security at LogRhythm.
Sanders puts the incident into context, stating: “This latest cyberattack shows how the Accellion breach continues to impact organizations. Higher education continues to be inundated with breaches and cyberattacks, and unfortunately this latest breach from the University of California system is a part of a recurring theme.”
He adds why the education sector is a continua target for rogue actors: “The wealth of personal information and government data from federal research projects held by higher education institutions like UC make them an ideal target, and the substantial shift towards e-learning has made them even more vulnerable and appealing to hackers.”
This means that: “Protecting intellectual property is very important to research-focused universities and a breach like this could mean the loss of sensitive information and could damage future partnership opportunities.”
Recent trends have combined to make higher education more of a target for hackers, expanding new technologies. According to Sandlers: “A shift to e-learning, higher education institutions face several additional significant security challenges. University IT departments need to support multiple research institutes, centers, and labs that often act autonomously within a university. Students usually bring their own devices to class which are beyond the university’s control. Additionally, university budgets for security personnel and tools are often very constrained, making them soft targets for attacks.”
There are lessons for all organizations from the incident, states Sanders: “In today’s modern, data-centric landscape, customers’ personally identifiable information is more vulnerable to attack than ever before. Organizations storing private information must ensure that data protection is of the utmost priority.”
He concludes by considering what organizations need to do: “The onus on the organizations that are responsible for keeping users’ information safe and must implement real-time monitoring and clear visibility to rapidly detect and neutralize security threats. Education institutions should prioritize having advanced security tools in place that automate common investigation to watch over the valuable data they house on their platforms.”