The 2nd week of CSAM focuses on the mounting cyber threats in Higher Ed, understanding these threats, and what you can do to avoid them. While cyber attacks have increased in every sector, they’ve risen precipitously in Higher Education. Scammers are very interested in both the amount of data and the types of data that can be found in institutions of higher learning. Of particular interest is research, financial data, health data and all other types of PII (Personally Identifiable Information) that can be stolen and used in other attacks or sold. Further, Higher Ed is viewed as vulnerable due to its collaborative and collegial environment and due to the fact that there may be more legacy systems in the environment and less rigor around patching/updating systems. For more information as to why universities are targets please see the interview of Don Welch (NYU CIO) and Richard Sparrow (NYU CISO) on NYU’s Cybersecurity Awareness Month 2022 web page.
Aside from following the cyber standards that have been set to protect your research, and updating your devices as updates become available, another key contributor to good security is detecting and avoiding social engineering scams, According to a 2022 Proofpoint report, 95-98% of attacks on individuals and organizations involved social engineering, with a global cost of 1.6 billion dollars.
The good news is that many social engineering scams can be avoided if you stop, look and think before you react. For information on how these scams commonly occur, and tips and recommendations for avoiding them, please see the following recently updated article from The Download, Social Engineering Attacks and How You Can Protect Yourself. Additionally, for a resource to help you assess email messages received for fraud, please see the following KnowBe4 visual aid for email related Social Engineering Red Flags.