The major threats to operations in higher education in past years were funding shortfalls, natural disasters and dropping enrollments. Now, criminal cyberactivity has risen to a top concern.
This is a red-alert crisis for all of us: students, faculty, staff and institutions as a whole. The rising extortion of money from government and business entities should put all of us on guard. Colleges and universities are all the more vulnerable in these uncertain fiscal times. Too often, this is further compounded by a natural inclination to cover up incidents to protect public confidence and institutional reputation.
The crisis is not just one for the IT department. It is one that must be met by every student, faculty member, staff member, college and department. We must be vigilant to any potential intrusions and instantly inform our experts — day or night, weekday or weekend. And we must implement backup systems, prepare for contingencies and create serious restoration plans.
Ransomware, in which a ransom is demanded to recover stolen digital data, has been around for decades. One of the first documented cases came at the World Health Organization’s 1989 international AIDS conference. Biologist Joseph L. Popp sent out 20,000 diskettes to attendees: “But after 90 reboots, the Trojan hid directories and encrypted the names of the files on the customer’s computer. To regain access, the user would have to send $189 to PC Cyborg Corp. at a post office box in Panama.” With the advent of the World Wide Web in 1992, cybercriminals took the stage by deploying an array of malware that included ever-increasing instances of ransomware. Instances of ransomware attacks are on the steep increase, especially with the emerging new target of remote employees who may have computer and network vulnerabilities in their homes.