A ransomware attack on Blackbaud, a US cloud computing provider, back in May has led to data breaches across numerous universities and NGOs. This includes the University of York, University College London, University of London, Human Rights Watch and Young Minds. As a result of Blackbaud’s delay in responding to the incident, it is likely they will face a GDPR investigation, reports Infosecurity Magazine.
In an email to the IT Security Guru, Chris Ross, SVP at Barracuda Networks, explained: “University servers store a wealth of invaluable data including confidential research and sensitive student and staff information, such as addresses, passwords and even payment details. This makes higher-education institutions a hot target for opportunistic cyber criminals looking to acquire such data for financial gain. And, with more students than ever relying on cloud infrastructure to manage the transition to digital classes and online exams, the threat facing them has never been higher.”
Paul Edon, senior director of technical services (EMEA) at Tripwire, stressed the importance managing third-party suppliers: “Many universities employ third-parties to help manage and secure their systems. It is imperative that these third-parties are aligned with the university in their security objectives and are regularly audited to ensure they are meeting the service level agreements. Any misalignment or failure to meet agreed service levels can result in serious loop-hole in the overall security of the institution”.