Cybersecurity threats continue for Illinois public institutions

Lincoln College in Logan County closed its doors for good after 157 years in operation in 2022, becoming the first U.S. institution of higher learning to shut down in part due to a ransomware attack. The school was named after President Abraham Lincoln and broke ground on his birthday in 1865. It was one of only a handful of rural American colleges that qualified as predominantly Black institutions by the Department of Education.

A cybersecurity threat is the threat of a malicious attack by an individual or organization attempting to gain access to a computer network, corrupt data, or steal confidential information. No organization is immune from cyber-attacks and data breaches. Some attacks can even destroy computer systems. The most common cyber-attack is malicious software, more commonly known as malware. Malware includes spyware, ransomware, backdoors, trojans, viruses, and worms. 

In addition, more than 90 percent of cyber-attacks begin with a phishing e-mail to an unexpected victim. And nearly one-third of all successful breaches involve the use of phishing techniques. It is advisable to only open attachments when an individual is expected them and know what they contain, even if it is coming from a known sender. 91% of all cyber attacks begin with a phishing email to an unexpected victim | Deloitte Malaysia | Risk Advisory | Press releases

At Lincoln College, cyber criminals encrypted many of the school’s files, and the institution no longer had access to critical enrollment, admissions, and fundraising information. A ransom note was included, and the school paid out a large, but undisclosed sum (less than $100,000) via its cyber insurance policy. Still, it took months for employees to regain access to all of their systems. 

This delay served as the final blow, and the Lincoln College Board of Trustees voted to close the school for several reasons. Enrollment projections for the next year, once discovered after the attack, were very low. Coming on the heels of the COVID-19 pandemic, the college was already on shaky financial ground and enrollment and fundraising numbers were declining steeply. The timing of the events that led to the closure was particularly shocking and unsettling for students, as the college had celebrated its highest-ever enrollment, just before the pandemic, during the 2019-20 academic year. 

“The shocking closure of Lincoln College left hundreds of students’ futures in limbo,” stated Rep. Bill Hauter (R-Morton). “Thousands of students and faculty members will cherish their memories and experiences from Lincoln. Many small colleges and universities are already facing difficult futures in the modern economic climate, and these cyber-attacks are pouring salt on top of the wound. We must acknowledge these threats and work to combat and prevent them from happening.”

Hackers also executed a cyber-attack at Heartland Community College in Normal in 2020. The timing of the attack was targeted, in the middle of the night, and about half of the college’s servers were taken out. In response, the school budgeted $1 million in response to improve cybersecurity measures. In addition, the cost of the attack was estimated at $500,000, with half of that expected to be reimbursed by insurance. 

At Illinois Valley Community College in Oglesby, hackers shut down the college’s servers shortly after the COVID-19 pandemic hit and the campus had shifted to all online classes. The attack locked the college out of its own networks and caused the website and e-mail system to crash. A ransom note was left, but administrators did not respond to the message. Outside consultants were hired, and servers were unlocked before online classes could be disrupted. Most of the data was able to be recovered, and the school spent more than $250,000 for system updates, rebuilding security systems, and server backups. 

Colleges and universities operate on a more easily accessible network for the purpose of sharing knowledge, making them prime targets for cyber-attacks. They also have the benefit of harboring many types of sensitive data that criminals can potentially exploit. Cyber-attacks are increasing in number, sophistication, and cost across all industries. As states struggle to recover from the pandemic and face recession predictions for the future, funding for higher education is likely to take more severe hits. Shrinking budgets make it harder to invest in cybersecurity measures. 

Cyber insurers are often paying out more money in response to these breaches and attacks. Premiums have increased by as much as 300 percent for colleges and universities, and those types of increases are not sustainable for many institutions. This leads to the question of where colleges and universities should invest in cybersecurity resources in the future. There are potential pathways forward, including fully embracing a zero-trust model of defense, among others. Whichever path or plan is chosen, educational institutions remain in a very precarious position.