Training

Victim: Bob

Role: Faculty at a private university.

Mistake: Clicked on an emailed link that supposedly redirects him to an application for funding for his research area.

Result: The malicious link unleashes a ransomware attack that infiltrates the university’s network and brings down their technology systems.

Consequences:

• University services are effected including email, grading systems and Bursar Office transactions
• University must shut down until they can resolve the crisis
  
  
  

Bob’s Options:

1. Pay the Ransom - No Guarantees

• Files still encrypted? Not fully accessible?
• Stolen data sold or exploited?

2. Rebuild Servers from Data Backups

Ransomware By The Numbers:

• 

  $7.5B+

  US ransomware attacks, 2019 costs

• 

  8.1M

  Average cost of a ransomware incident

• 

  287 days

  Average time to recover from an attack

Easy To Perform And A High Probability Of Success

Victim: Penelope

Role: Professor at Wiggham Community College.

Mistake: Receives an ‘from IT’ to update her log-in credentials; clicks on the link and enters her information on a website that looks legit.

Result: The hacker uses stolen credentials to access the community college’s network.

Consequences:

Hackers can now steal precious faculty and student PII

• Names, addresses, SS #s
• Student health records
• Payroll/financial information

Stolen PII Can Be Used For Financial Gain

• Identity theft
• Wire fraud
• Tax Fraud

Data Breaches By The Numbers:

• 

  $8.1M

  Average cost of a data breach for Education (U.S.)

• 

  $3,533

  Average cost of a data breach per employee

• 

  $142

  Average cost per record breached for Education

94% of Orgs experienced a phishing attack

Victim: Joan

Role: Professor at Hopper University.

Scenario:

• Conducting research for the US Department of Defense.
• Nation-state hackers have been following the progress of Joan’s research lab.
• Hackers launch a phishing scheme that one of Joan’s students falls victim of.

Result: Nation-state hackers steal classified research and provide it to their government.

Consequences:

• U.S. national security is compromised.
• Reputational damage for the university.
  
  

Real World Example:

Iranian Hackers stole credentials of professors, research data and IP

Data Breaches By The Numbers:

• 

  31 Tbytes

  Amount of documents and data stolen

• 

  144

  # of American universities compromised

• 

  8,000

  # of compromised email accounts

US-based universities spent ~$3.4B to procure and access data and intellectual property stolen by Iranian hackers

Victim: Jack

Role: University student.

Mistake:

• Desperate to get his parents off his back due to his poor academic performance.
• Develops a fake website that steals user credentials and sends the link to his profs.

Result: Jack uses stolen credentials to access the network, log into the grading system to update his grades.

Consequences:

• Reputational damage for the university.
• Compromised student records.
  
  

Key Security Challenges:

• 

  60%

  Share of total mail volume generated by employees

• 

  99%

  Of malware is deployed through email + web

• 

  59%

  Suffer negative impacts from an email-borne attack*

As much as 60% of email traffic is not inspected and secured