In 2023, higher education institutions faced a surge of cyberattacks, making it the worst year on record for ransomware attacks in the education sector according to a report by Malwarebytes. The report revealed a 105 percent increase in known ransomware attacks against K–12 and higher education, with attacks in higher education alone rising by 70 percent.
Despite these alarming statistics, the overall spike in ransomware attacks, which increased by 68 percent in 2023 according to Malwarebytes, is not surprising. The report also highlighted that the actual number of attacks could be significantly higher if ransom payments were considered.
To better defend against cyber threats, education institutions can explore the 2024 CDW Cybersecurity Report. Click the banner below to access the report and enhance your institution’s security protocols.
What Is Driving the Increase in Cyberattacks in Higher Education?
Malwarebytes identified LockBit and Rhysdia as the primary ransomware gangs responsible for the increase in attacks with over 100 incidents. LockBit, described as the most prolific gang in 2023, was dismantled by a multinational law enforcement effort in late February. However, the impact on future attacks remains uncertain.
In addition to ransomware gangs, Malwarebytes warned against the rise of “big game” attacks that demand large ransoms and involve extensive planning by attackers. The use of Ransomware as a Service code has contributed to the emergence of these sophisticated attacks.
Furthermore, malicious advertising and malvertising have been used by cybercriminals to breach secure networks by impersonating reputable businesses. This deceptive tactic poses a significant threat to cybersecurity.
Given the escalating cyber threats, higher education institutions have prioritized security measures, with cybersecurity ranking as the top issue on EDUCAUSE’s list of challenges facing colleges and universities. Institutions are adopting zero-trust security frameworks, enhancing identity and access management, and leveraging virtual CISOs to strengthen their defenses against cyberattacks.
Editor’s note: This article was originally published on March 21, 2024.
