The onset of near-universal remote learning made necessary by the COVID-19 pandemic left colleges and universities more vulnerable to ransomware, botnets and other cyberattacks, according to research published Tuesday by the cybersecurity provider BlueVoyant. And the combination of weak campus security policies and breaches of edtech vendors leaves schools open to continued risks, the company found.
Between 2019 and 2020, ransomware attacks against colleges doubled, the research said. They also became more financially costly, as the “big game hunting” tactics used by malicious actors that’ve targeted large corporations, major cities and state governments have moved into the education sector. According to BlueVoyant’s research, the average cost of a ransomware attack against universities reached $447,000 last year.
Several ransomware attacks against universities last year led schools to pay their attackers’ skyrocketing demands, including the University of California, San Francisco, which paid $1 million after it was breached last June, and the University of Utah, which forked over $457,000 in August.
Much of this increased activity has been made possible by millions of student and faculty credentials being available through previous data breaches, including several that affected digital learning companies like Blackbaud, the cloud services provider that acknowledged last year that hackers gained access to Social Security numbers and banking information held by its customers in higher education. Other vendors, including ProctorU, Chegg and OneClass have also been breached in the past three years, according to BlueVoyant.