Why the Education Sector Needs to Get Better at Cyber Hygiene
As we enter the New Year, it hasn't taken long for the education sector to be hit by several high-profile cyber attacks, underscoring the growing threats facing this critical industry. One of the groups responsible for some of these attacks, known as FOG, is a relatively new player in the ransomware-as-a-service world. The group appeared in the wild in May 2024 and has built a reputation for targeting U.S.-based higher education institutions by exploiting compromised VPN credentials to gain access to sensitive systems. In fact, cybersecurity researchers at Arctic Wolf reported that 80% of all FOG's victims are in the education sector.
This rise in incidents highlights several important considerations that demand attention. First, it raises a critical question: Why aren't higher education institutions learning from the mistakes of their peers? Cyber attacks targeting educational institutions are not a new phenomenon. In recent years, ransomware groups and other bad actors have repeatedly exploited the sector. Despite the wealth of publicly available information about prior attacks and the TTPs (tactics, techniques, and procedures) used by cyber criminals, many institutions appear unprepared to protect their students, faculty, and endowments from cyber threats.
The second takeaway is that cyber criminals continue to exploit well-established attack vectors, such as phishing, unpatched systems, and compromised credentials to infiltrate systems and access sensitive data. These vulnerabilities could often be mitigated with the implementation of basic security best practices.
A Call to Action
The recent wave of cyber attacks targeting the education sector underscores the persistent vulnerabilities within higher education institutions and the urgent need for these organizations to get up to speed on cyber hygiene and prioritize a comprehensive approach to cybersecurity.
Historically, institutions have pointed to tight budgets, reliance on outdated technologies, and the necessity of maintaining an open and collaborative environment as barriers to robust cybersecurity. However, these challenges can no longer serve as acceptable excuses. The stakes are simply too high, with ransomware groups and other threat actors continuing to exploit weaknesses to access sensitive data, disrupt operations, and demand significant payouts.
Educational organizations must recognize that adopting a proactive cybersecurity posture is no longer an optional investment — it is an operational necessity. Fortunately, there are several fundamental cybersecurity controls and practices that institutions can implement quickly and cost-effectively to significantly strengthen their defenses. Here are 10 of the most impactful measures.
1) Regular Cybersecurity Awareness Training
Offer short, engaging, and frequent training sessions to ensure participants pay attention and retain the information long after the session ends. The curriculum should cover common threats, how to respond, and cyber hygiene best practices. Empowering individuals with knowledge can drastically reduce the success rate of attacks.
2) Incident Assessment Integration
Use recent cyber attacks targeting educational institutions as case studies during training. Analyze the incidents to draw actionable insights. This can enhance internal processes and help participants understand real-world applications of cybersecurity measures.
3) Foster a Proactive Cybersecurity Culture
Make cybersecurity awareness a shared responsibility across all levels of the organization — from administrators, operators, and IT teams to faculty, staff, and students. Help individuals understand their role in safeguarding digital assets, networks, and identities. A culture of accountability can inspire widespread adoption of best practices.
4) Strong Passwords and Multi-factor Authentication (MFA)
Strong and unique passwords are essential to protect higher education systems and data. The strongest passwords are at least 12 characters, made up of a combination of letters, numbers, and special characters. Complement passwords with MFA, which requires two forms of verification before granting system access, making it significantly harder for attackers to exploit stolen credentials.
5) Robust Backup Practices
Regularly back up critical data and store it in secure, offline locations. In the event of a ransomware attack or system failure, backups provide a lifeline for recovering data without paying ransom demands.
6) Enhanced Virtual Private Network (VPN) Security
As many institutions rely on VPNs, ensure they are secured with updated protocols, strong passwords, and MFA. This minimizes risks associated with remote access and prevents attackers from exploiting weak points.
7) Timely Software Updates and Patch Management
Promptly update systems, applications, and firmware to close known vulnerabilities that attackers often exploit. Implement automated updates whenever possible to prevent gaps between vulnerability discovery and patch deployment.
8) Network Segmentation
Isolate sensitive systems and data from broader network access to limit an attacker's ability to move laterally within the network during a breach. This measure reduces the scope and impact of the attack.
9) Data Encryption
Utilize encryption to protect sensitive information, including staff and student data as well as academic research. Encryption ensures that, even if data is intercepted, it remains unreadable without the proper decryption key.
10) Incident Response Plans
Develop and routinely test an incident response plan to enable swift and effective action in the event of a cyber incident. Regular simulations ensure that all stakeholders are prepared to minimize downtime and damage.
The fundamental principles of staying safe in a dynamic threat landscape remain unchanged. What must change is higher education institutions' willingness and commitment to embrace and implement them.
By drawing on lessons from past incidents, staying current with cybersecurity best practices, and implementing the above measures, higher education institutions can begin to close the vulnerabilities that ransomware groups like FOG exploit. These proactive steps not only enhance security but also safeguard the trust and reputation of educational organizations in an increasingly digital world.