Full Answer Section

• Ensuring Security and Compliance: Protecting the University’s data and digital assets is paramount. ITS’s Information Security (InfoSec) division provides consultation, guidance, and investigative support to the UVA community. They focus on enhancing the security of UVA’s diverse computing environment, developing IT policies, assessing risks, and implementing security safeguards to protect sensitive information and ensure compliance with relevant regulations.
• Providing Essential Infrastructure: ITS is responsible for the foundational IT infrastructure that underpins all University activities. This includes managing wired and wireless networks, internet access, telephony services, data centers, storage, computing platforms (including cloud services), and endpoint management. A robust and reliable infrastructure is essential for the University to function effectively.
• Offering Support and Consulting: ITS provides direct support to faculty, staff, and students through various channels, including help desks and learning technology support. They also offer custom application development and consulting services to address specific needs across different departments and units within the University.

In essence, ITS acts as a vital partner in enabling UVA to achieve its goals in education, research, patient care (through UVA Health, which also relies heavily on IT infrastructure), and public service by providing the technological foundation, support, and security necessary for these activities to thrive in the digital age.

What Attracts Cyberattacks to Universities?

Universities have become increasingly attractive targets for cyberattacks due to a confluence of factors:

• Vast Amounts of Valuable Data: Universities collect and store a wide array of sensitive information, including:
  • Personal Identifiable Information (PII): Names, addresses, email addresses, phone numbers of students, faculty, and staff.
  • Financial Data: Tuition payments, employee payroll information, donor records, credit card details.
  • Medical Records: Particularly within university-affiliated healthcare systems.
  • Intellectual Property and Research Data: Cutting-edge research findings, patents, unpublished papers, often with significant economic or strategic value. This can be of interest to nation-state actors for espionage or to competitors for economic gain.
  • Student Loan Information: Attractive for financial fraud.
• Weaker Than Average Security Measures (Historically): While universities are increasingly investing in cybersecurity, they have historically faced challenges in implementing robust security measures due to:
  • Decentralized IT Structures: Many departments and research groups may have their own IT systems with varying security protocols, creating numerous entry points.
  • Open and Collaborative Environment: The academic culture often values openness and the free exchange of information, which can sometimes conflict with strict security policies.
  • Limited Resources: Compared to for-profit corporations, universities may have budget constraints that limit investment in cybersecurity personnel, tools, and training.
  • Legacy Systems: Universities often operate with a mix of older and newer IT systems, and maintaining security across outdated infrastructure can be challenging.
• Large Attack Surface: Universities have a vast and diverse network infrastructure with numerous endpoints, including:
  • University-owned devices (desktops, laptops, servers).
  • Personal devices of students, faculty, and staff connecting to the university network (BYOD).
  • Various departments, research labs, and administrative units, each with potential vulnerabilities.
  • Web-facing assets like websites, portals, and online learning platforms.
• Insider Threats: Universities have a large and diverse user population, including students, faculty, and staff, some of whom may lack adequate cybersecurity awareness or may become unwitting participants in attacks (e.g., through phishing). In some cases, malicious insiders can also pose a threat.
• Newsworthiness: A successful cyberattack on a university can generate significant media attention, which can be a motivation for certain threat actors seeking notoriety or aiming to disrupt public trust in institutions.
• Gateways to Other Networks: Universities often collaborate with other research institutions, government agencies, and private companies. Compromising a university network can potentially provide a stepping stone to attack these connected entities.

What are the Most Common Attack Methods and Approaches for Mitigating Those Attacks?

Universities face a range of cyberattack methods. Some of the most common include:

Common Attack Methods:

• Phishing and Spear Phishing: Deceptive emails or messages designed to trick users into revealing sensitive information (passwords, financial details) or clicking malicious links that install malware. Spear phishing targets specific individuals or groups, often high-profile targets like senior leadership or researchers with access to valuable data.
• Ransomware: Malware that encrypts files on a victim’s system, rendering them inaccessible until a ransom is paid. Universities are particularly vulnerable due to the potential disruption to academic activities, research, and administrative functions. Double extortion tactics, where attackers also threaten to release stolen data, are increasingly common.
• Malware (General): Includes viruses, worms, Trojans, and spyware that can infiltrate systems to steal data, disrupt operations, or gain unauthorized access. Malware can be spread through various means, including malicious email attachments, infected websites, and compromised software.
• Distributed Denial of Service (DDoS) Attacks: Overwhelming a university’s servers or network infrastructure with a flood of traffic, making websites and online services unavailable to legitimate users. This can disrupt online learning platforms, registration systems, and other critical services. Ransom demands are sometimes associated with DDoS attacks.
• Password Attacks: Attempts to gain unauthorized access to accounts by cracking passwords through techniques like brute-force attacks (trying numerous password combinations), dictionary attacks (using lists of common passwords), or exploiting password vulnerabilities.
• SQL Injection: Exploiting vulnerabilities in web applications that interact with databases, allowing attackers to execute malicious SQL code to access, modify, or delete data.
• Formjacking: Injecting malicious code into online forms (e.g., payment pages) on university websites to steal submitted information, such as credit card details.
• Spoofing: Impersonating a legitimate entity (e.g., through email or website spoofing) to deceive users.
• Insider Threats: Security risks posed by individuals within the university community, whether intentionally malicious or due to negligence or lack of awareness.
• Exploitation of Vulnerabilities: Attackers target known weaknesses in software, operating systems, or network devices that have not been patched or updated.
• Third-Party Attacks: Compromising a university’s vendors or partners to gain access to the university’s systems or data.