Cyberattacks targeting Rutgers University and Penn State University have brought the issue of cybersecurity close to home—but also served to re-establish that higher-education institutions are unique targets.
Scott Christie, a partner in the cybersecurity and data privacy practice at Newark’s McCarter & English, called universities “relatively soft targets” when compared to other entities, such as financial institutions.
“Given the fact that it’s in the university context, it relies upon the level of security that the school network administrators impose, which may or may not be the same as a nonuniversity network,” he said.
Cybersecurity lawyers interviewed last October warned of universities’ vulnerability. But maintaining defenses at a university or anywhere else is not so much a question of foresight as it is one of the practicality: Email-based attacks often rely on breaching a barrier that Lenkey previously referred to as “the human fire wall”—which is often the last but weakest line of defense, he said.
Christie at McCarter & English noted that universities provide a high number of network access points, for student convenience, and aren’t necessarily on the lookout for actions such as large data file transfers or multiple request for access by a single user name, which would set off alarms for a nonuniversity client.