As college students head back to school, cybercriminals are heading back to work.
Hackers often target universities during the school year, and campuses are not equipped to handle the cybersecurity threats, according to a new report published Thursday by the security firm BitSight Technology.
In fact, colleges and universities fare worse than both the retail and health-care industries, when it comes to securing their networks, according to the report.
BitSight tracked the security performance of all colleges in major athletic conferences (Southeastern Conference, Atlantic Coast Conference, Pacific-12, Big 10, Big 12 and Ivy League) from July 2013 to June 2014. BitSight’s research found that on average all conferences experienced a significant decline in their performance.
As the academic year progresses, school security defenses likely weaken because of the influx of students and devices on campus networks, said Stephen Boyer, BitSight’s founder and chief technology officer.
All conferences saw a dip in their defenses, while students were back in school. But some conferences did fare better than others, according to the report.
On average, schools in the Big 12 scored higher for security performance than all the other conferences. The Atlantic Coast Conference ended the school year with the lowest security performance score.
Universities are gold mines for cybercriminals looking to cash in on people’s personal information, Boyer said.
Everything from students’ and faculty members’ social security numbers to football fans’ credit card information can be found on university networks.
Hackers may also be targeting universities because of the wealth of valuable research on the premises, he added.
“Interestingly, these universities are a trove of intellectual property. It’s difficult to quantify monetarily speaking, but if someone breaks into the machines used by grad students in the lab, they just saved themselves two years of research,” Boyer said.
And considering how intertwined universities are with other organizations—including government agencies—it’s likely a university breach could put other critical organizations in jeopardy, Boyer said.
“It’s really important to realize that cybersecurity is a systemic problem,” he said. “We are all on the same network, problems in one area can lead to problem in another, especially in universities.”
Malware, or malicious software, infections are among the biggest threats on college campuses. Flashback to the Trojan horse virus, which targeted Apple computers and stole personal information by disguising the virus as a browser plug-in. Such Trojan-like viruses are the most prevalent type of malware on college campuses, according to the report.
Other prevalent malware found on university networks include Adware, a kind of malware that targets users through online ads. Other persistent malware includes Conficker, which is a computer worm that targets Microsoft Windows operating system.
Boyer noted that schools with the highest scores had a dedicated director of information security or a chief information security officer on staff.