Understanding Cyber Threats Against the Universities, Colleges, and Schools
Harjinder Singh Lallie, Andrew Thompson, Elzbieta Titis, Paul Stephens
TL;DR
This paper assesses cyber threats to the education sector worldwide, highlighting ransomware as the dominant external threat and insider threats posed by students as a significant internal risk. It introduces a novel timeline of 58 attacks up to 2022, derived from diverse public sources, and analyzes insider incidents (28 cases, split evenly between university and school students) to reveal distinct motivation and tactic patterns. The study combines a qualitative risk analysis with practical mitigation guidance, including training, reporting, defense-in-depth, backups, and governance aligned with ISO 27000 standards. The findings underscore the need for tailored, workforce-wide cybersecurity education and policy measures to address both external and internal threats and to mitigate broader organizational and national security impacts in the education sector.
Abstract
Universities hold and process a vast amount of valuable user and research data. This makes them a prime target for cyber criminals. Additionally, universities and other educational settings, such as schools and college IT systems, have become a prime target for some of their own students, often motivated by an opportunity to cause damage to networks and websites, and/or improve their grades. This paper provides a focused assessment of the current cyber security threat to universities, colleges, and schools ("the education sector") worldwide, providing chronological sequencing of attacks and highlighting the insider threat posed by students. Fifty-eight attacks were identified, with ransomware being the most common type of external attack, and hacking motivated by personal gain showing as the most common form of internal attack. Students, who have become a significant internal threat by either aiding or carrying out attacks, are not a homogeneous group: they may be motivated by different factors, which calls for targeted responses. Furthermore, the education sector is increasingly reliant on third-party IT service providers, meaning attacks on third parties can impact the university and its users. There is very little research analysing this problem, and even less research analysing the problem in the context of schools. Hence, this paper provides one of the first known assessments of the cyber attacks against the education sector, focusing on the insider threat posed by students and offering recommendations for mitigating wider cyber threats.
