Cybersecurity in Higher Education: Common & Recent Issues


Every 11 seconds, a business is breached by a ransomware attack that has passed through its existing security stack. While ransomware attacks are impacting all industries, the education industry is one that has seen an increasing trend of ransomware attacks, making cybersecurity in higher education more and more important for administrators. 

Common Cybersecurity Issues in Higher Education

Higher education institutions hold massive databases of administrator, professor, student, and alumni personally identifiable information (PII), making them prime targets for cyber criminals looking for a massive score. 

Understanding what your organization is up against can help you better prepare for inevitable attacks and help you establish a proactive, rather than reactive, cybersecurity defense posture


As mentioned above, university ransomware attacks are common. Ransomware attacks work by installing malicious software on an organization’s system or network that then takes over control of the information stored there. This information can be held ransom—hence the name—until the organization pays to get it returned, or sold on the internet to other cyber criminals. 

Keeping backups, training staff and students, keeping systems up to date, establishing a zero trust architecture, and implementing a strong combination of IDS, IPS, and firewalls can help build a wall between your institution and possible ransomware attacks.

SQL Injections

SQL injection attacks work by allowing cybercriminals to bypass login-required sections of networks, where the injected code interferes with the database behind the login application, allowing vulnerable databases to be viewed, modified, or deleted. This potentially leaves  sensitive information exposed. 

In 2020, three Italian universities were hacked using SQL injections, and in 2017, even Cornell and NYU were hit with such attacks. Parameterized statements and other language-based measures can help keep your database protected against SQL attacks. 


The old classic. Phishing has been a problem for institutions for as long as the internet has existed, and is still a commonly seen threat across industries because it still works. Phishing works when a cybercriminal impersonates a trusted source, tricks the victim into clicking on a bad link, and installing malware/ransomware on their computer post-click. 

This software can then be used to access that person’s PII, access the Wi-Fi network of the device, lock their computer, and more. 

One of the best ways to defend against phishing attacks is to train your administrators, professors, and students on current events & issues related to cybersecurity in higher education and generally on an ongoing basis. 

Quickly Changing Landscape 

One of the most challenging aspects of cybersecurity is the rate at which threats evolve and change. As new patches and security measures are created to fix past exploits and vulnerabilities, cybercriminals find new exploits and vulnerabilities, and the cycle begins again. Keeping cybersecurity professionals, as well as software, up to date on the latest threats is a challenge and a full-time job in and of itself. 

Installing a third-party software that is maintained with constantly updated data sources, consistent and ongoing staff and student training, and outsourcing cybersecurity to a third-party vendor are some of the best ways to guarantee your network is always being watched. 

Recent Cybersecurity Issues in Higher Education

In March 2021, the FBI published a Flash alert highlighting an increase in education institutions and university ransomware attacks. Specifically, the FBI pointed to an increase in PYSA ransomware targeting education institutions in 12 U.S. states and the United Kingdom. Attackers were looking to leverage PYSA to exfiltrate data from higher education, K-12 schools and seminaries to use as leverage to obtain ransomware payments.

In November 2021, two community colleges, Butler County Community College in Pennsylvania and Clark Community College in Illinois, were victims of ransomware attacks. These university ransomware attacks resulted in these two colleges being temporarily shut down.

ZDNet published an article entitled “Ransomware attacks are hitting universities hard, and they are feeling the pressure.” The article highlighted Jisc’s Cyber Impact 2022 Report, which pointed to a multi-year increase in ransomware attacks targeting U.K. education institutions. This  included two universities and a further education and skills (FES) provider that were hit by ransomware attacks in March 2022. These incidents were indicated to cause significant impacts.

The incidents didn’t stop there, though. More university ransomware attacks and the havoc they can cause continued. Multiple news outlets reported that after 157 years in operation, Illinois-based Lincoln College would be closing down permanently on May 13th. To be fair, the college had experienced significant negative impacts from the pandemic, which resulted in significant declines in enrollments and fundraising. 

However, a ransomware attack in December 2021 appears to be the “straw that broke the camel’s back.” The ransomware attack resulted in all systems required for recruitment, retention and fundraising efforts being inoperable. Systems were not fully restored until March 2022. 

Successful university ransomware attacks typically result in significant disruption and costs. In most cases the impacts are temporary and institutions are able to successfully recover from attacks over time. However, in the case of Lincoln College, the ransomware attack ended up being catastrophic.

Protect Your Higher Education Institution with ThreatBlockr

It’s clear from the above that ransomware attacks continue to be a growing problem for education institutions. As a means of strengthening defenses against ransomware threats and building stronger data security in higher education, one of the key things that education institutions can do is to increase their use of cyber intelligence. 

Cyber intelligence can not only act as an early warning system for ransomware and other cyber threats, but when used proactively can also help to prevent ransomware attacks from happening in the first place.

To learn more about cybersecurity in higher education and how ThreatBlockr can help your educational institution use massive amounts of cyber intelligence from multiple sources to improve ransomware defenses, check out our ThreatBlockr Education Industry Data Sheet, our ThreatBlockr Data Sheet and Schedule a Demo.