Universities are an obvious target for hackers, and the reasons are not hard to find. Usually you have a relatively inexperienced IT workforce, a risk-unaware user base, and, something that may come as a surprise to many outside academia, an extremely insecure environment. A few years back I had some interaction with a college IT department and they told me they had no authority to limit access to install software or block websites, because of “academic freedom”.
In short, faculty required the freedom to do anything they wanted to in the name of research. So they did, anything they wanted, on the college’s network.
It’s good to see some places trying to put some more security in place though.
“A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-a-half months of this year than it saw in all of 2015.”