Cybercrime is on the rise. In 2020, there were more attacks than during any previous year. 2021 is not likely to see an improvement. Criminals are developing more sophisticated tools, taking advantage of artificial intelligence and 5G technology. They are finding their way into almost every sector of society, from private individuals to public institutions. You can now add universities to the list.

The FBI’s Cyber Division sees an increase in the number of cyberattacks on university IT systems. The department released an advisory notice warning system administrators and cybersecurity personnel about the heightened threat facing their systems. The FBI identified this new risk in March of 2021, but it is evident that the issue is gaining traction and spreading. Thus far, cybercriminals have targeted universities in at least 12 states and the UK. If authorities have identified who is responsible, they are not yet making it publicly known.

How Are Cybercriminals Gaining Access?

Ransomware is a form of malware that installs a program on system computers. This program encrypts targeted data, making it inaccessible to users. With ransomware attacks, cybercriminals usually demand their victims pay them a large amount of money to release the data. In this case, it seems that they are also threatening to sell sensitive information — such as social security numbers — unless the institutions meet additional demands. In essence, they are collecting twice in a single exchange.

The criminals are using a form of ransomware called PYSA. This particular malware is also often used to hack into government agencies, healthcare organizations, and private companies. Hackers usually use phishing emails to access IT systems, though they sometimes also steal individual login information. Phishing emails that contain ransomware often look like important and official information. The email instructs recipients to download a file. The PYSA ransomware is attached to a file with a .pysa extension. Once the recipient downloads the file, the malware takes over.

What Can Universities Do To Lower Risk?

Your clients can take steps to reduce their risks. Here are some suggestions you can provide:

• Implement and require multi-factor identification for login to university systems.
• Keep systems up to date with security patches, updates, and firmware.
• Back up critical data and enable password protection and disable editing and deleting for backup versions.
• Keep anti-virus and anti-malware software current on all system hosts.
• Educate system users about cyber threats and phishing emails and instruct them to contact IT if they receive suspicious emails.

Ensure your clients in the higher education arena are aware of this ongoing development and have taken these additional measures to secure their systems. Cybersecurity threats are a constantly evolving concern. University institutions can reduce their risks by staying informed about potential issues and maintaining robust security systems.

About PGUI

Professional Governmental Underwriters, LLC , is a full-service risk management company dedicated to assisting public, educational and non-profit entities in the management of their professional liability exposures including educators liability insurance. We are dedicated to providing state-of-the-art professional underwriting management and loss control advisory services on behalf of our designated carriers. For more information, call us toll-free at (800) 586-6502.