Universities are at high risk of a data breach due to their complex environment combined with their extensive valuable data. The challenge security teams face from data sprawl makes it difficult to understand the true health of their data; where it is, who has access, what controls are in place, what classification it requires, who owns and manages the data. Data sprawl increases the risk of any of this data being exfiltrated and sold online.

Generative AI will increase the success rate of social engineering attacks and in particular phishing attacks. University students have always been a high target for phishing attacks and cybercriminals have increased in using deepfake social engineering attempts to validate phishing attempts and create engaging, personalised and more sophisticated attacks to lure users into providing information or access to internal systems.

The widespread integration of poorly secured IoT devices within universities, such as student ID cards, automated attendance tracking systems and temperature & environmental sensors are increasingly being connected to the internet. This increases the attack surface for universities exponentially. Recent ZScaler research shows a 400% growth in IoT malware attacks in 2023, which will only increase estimated to grow worldwide to over 29 billion by 2030.

The recent Israel-Hamas war and ongoing war in Ukraine has shown the willingness of nation state actors to engage in global cyber-attacks which is unlikely to slow down. Universities will remain a top target for geopolitical reasons and access to high value cutting-edge research and development. Universities also look like a government from the perspective of systems, different functional areas and different types of data. They are therefore an attractive target if someone is practicing for a state-attack, a university is a good training ground for that.

From unsophisticated attackers buying cheap ransomware kits online and from sophisticated attackers attempting double extortion, ransomware will continue to grow in 2024 for universities and higher education; Firstly, through disrupting core services such as admissions, enrolment, teaching and access to business-critical applications in the hope that they will get a payoff for getting services back online and Secondly through data extortion and selling the valuable data on the dark web to those who engage in identity theft.

With cloud-based learning platforms and the use of gen AI for education sector, such as Notebook LM, the attack surface is increasing significantly in the digital transformation journey for universities and higher education. As the sector is reimagining how to bring people, data, and processes together, they need to ensure that their underlying technologies and softwares are not outdated, vulnerabilities are patched and managed and systems are constantly monitored and upgraded to avoid an easy entry for cyber criminals within the systems.