Combat Surging Ransomware Attacks: Strategies for Universities & Colleges

Universities and colleges are increasingly under siege by ransomware. In 2023 alone, ransomware attacks on higher education institutions surged by 70%, with 66% of universities falling victim to these cyber assaults.

These attacks can cripple academic and operational functions. The financial impact is equally alarming — higher education institutions reported an average recovery cost of $4.02 million in 2024, nearly four times higher than the previous year.

Running a university is like managing a small city — complex systems, thousands of users, and vast amounts of valuable data are constantly in motion. This makes universities prime targets for cybercriminals. The question is now when, not if, your university will be targeted by ransomware. Without robust cybersecurity measures, the outcomes could be devastating.

What is a ransomware attack?

Ransomware is a type of malware that locks an organization’s data, effectively holding it hostage until a ransom is paid. For universities, the consequences of such an attack can be severe. Not only can ransomware encrypt important research and operational data, but the disruption caused can lead to reputational damage, lost revenue, and operational paralysis.

Critical data at risk includes:

• Personal information: Social security numbers, addresses, and records of students and faculty.
• Financial data: Tuition payments, payroll information, and donor contributions.
• Research and intellectual property: Irreplaceable proprietary research funded by academic grants and government projects.

The dilemma for universities is that even if they pay the ransom, there is no guarantee that attackers will return or secure the stolen data. Understanding why universities are so frequently targeted can help guide strategies for better protection.

Why are universities and colleges prime targets for ransomware?

Several factors make universities particularly attractive to cybercriminals. Each of these elements adds complexity to securing university networks and data:

• Decentralized IT systems: Many universities allow departments to manage their own IT infrastructure. This decentralization results in multiple access points for attackers, making it difficult to enforce uniform security measures across the institution.
• Constant influx of new users: Each academic year brings a flood of new students, faculty, and researchers who connect personal devices to the university network. These devices often lack adequate security protections, creating more vulnerabilities that are difficult to monitor and secure.
• Third-party vendor dependencies: Universities rely heavily on third-party vendors for essential services like cloud storage and software management. Weaknesses in these vendor systems can lead to significant security breaches, as seen in the MOVEit attack, where a vulnerability in the file-sharing software allowed cybercriminals to steal sensitive data from numerous organizations, including educational institutions.
• Physical security risks: Beyond digital systems, universities often use biometric access to manage secure areas. If compromised, these systems allow attackers physical access to critical areas, which could further disrupt operations or expose sensitive information.

With these vulnerabilities in mind, universities need a comprehensive strategy to protect against ransomware attacks.

How universities and colleges can reduce ransomware risk

Reducing ransomware risk requires a multi-layered defense strategy that blends technology, processes, and user awareness. Here's how universities can protect themselves:

• Implement multi-factor authentication (MFA): Adding MFA across all systems ensures that even if a password is compromised, a second form of verification, like a text message or authentication app, is required. This simple yet effective step significantly reduces unauthorized access.
• Centralize IT management: Centralizing IT management ensures consistent security policies across all departments, making monitoring and threat response more efficient.

While these technological measures form a strong defense, user behavior remains a significant factor in preventing ransomware attacks:

• Educate and train users: Phishing is one of the most common ways ransomware enters a system. Regular training for students, faculty, and staff on how to identify phishing emails and suspicious behavior is essential. Simulations and ongoing awareness programs can further enhance preparedness.
• Deploy advanced monitoring tools: Real-time monitoring tools like security operations centers (SOCs) and endpoint detection and response (EDR) systems can detect unusual activity before it leads to an attack. AI-powered systems, in particular, can identify patterns and stop threats before they escalate.

Ensuring the security of third-party vendors and external partners who interact with the university is equally important. Implementing strategies for effective vendor management and external party security helps protect university data:

• Secure third-party vendors: Universities often rely on third-party vendors for services. Regularly auditing their security practices and ensuring they meet high cybersecurity standards helps close off potential backdoors that attackers could exploit.
• Enhance physical and remote access security: With the rise of remote learning and work, securing both physical and digital access points is more important than ever. Use virtual private networks (VPNs) to protect remote access, ensuring only approved devices connect to the university network. For physical locations, biometric access controls add an extra layer of security, reinforced with multi-factor authentication (MFA) and encryption. This layered approach helps mitigate vulnerabilities and enhances overall protection.

Securing access points is one layer of protection, but a more comprehensive approach blends strong technological defenses with strategies to overcome various challenges. These can include obstacles that impact the overall success of a security strategy.

Overcoming budgetary and organizational challenges:

Budget constraints and organizational resistance are two major obstacles to improving cybersecurity in universities. However, addressing these challenges is key to reducing risk. When budgets are tight, investing in cybersecurity often competes with other priorities, yet the cost of recovering from a ransomware attack can far exceed the investment needed for prevention. Effective steps include:

• Prioritize cybersecurity in budget discussions: Ensuring cybersecurity is a regular part of budget allocation helps prevent future financial losses.
• Leverage external resources: Government programs, such as those offered by the Cybersecurity and Infrastructure Security Agency (CISA), provide tools and assistance that can supplement internal budgets.

Organizational resistance, especially from long-tenured faculty, can be a barrier to adopting security protocols like MFA. Educating faculty and staff on the risks ransomware poses to both personal and institutional data can help gain their support. Additional steps to consider:

• Foster a culture of shared responsibility: By promoting security as everyone’s responsibility, universities can encourage buy-in across departments.
• Involve faculty in decision-making: Engaging faculty in discussions about cybersecurity measures can improve adoption and ease implementation.

By addressing these challenges, universities can create a stronger, more resilient security culture that helps protect against ransomware attacks.

Expanding cybersecurity into broader institutional strength

Defending against ransomware requires a cybersecurity strategy that combines technology, education, and culture. As universities evolve, everyone—from students to faculty and staff—has a part in securing institutional data and systems. A holistic, proactive approach strengthens long-term protection for both data and reputation.

Higher education cybersecurity and ransomware protection

Protecting your university from ransomware requires a proactive strategy that combines advanced technology and community awareness. Brown & Brown can help assess your risks and strengthen your cybersecurity defenses.

Visit the Higher Education Practice page to see how Brown & Brown can help support your cybersecurity and risk management needs. To take the next step in protecting your institution, connect with us through our online contact form.