Cybercriminals Gain a Hacking Edge on Government and Higher Ed

COVID-19 is fueling an uptick in ransomware attacks and giving cybercriminals an edge. According to Government Technology’s* cybersecurity reporter Lucas Ropek, a report from cybersecurity vendor Check Point Research shows that COVID-themed phishing attacks increased globally across all sectors between February and late April, jumping from 5,000 per week to over 200,000 per week. These attacks occurred in almost all sectors, including "governments, industry, healthcare, service providers, critical infrastructure and consumers."

For state and local governments, that has meant that hackers have increased their "focus on so-called 'soft targets' — local governments, public administration agencies, education, and even hospitals," reports vendor SonicWall in their 2020 mid-year report. Some states have been hit more heavily than others, with Maryland, Florida, Michigan, and Tennessee having some of the highest rates. 

A Pew poll last September showed that only around half of Americans thought police departments could be trusted to use facial recognition responsibly. Even fewer Americans thought the biometric tool should be used by advertisers or tech companies.

Now, as calls to defund, divest or otherwise drastically alter police departments have escalated, a fairly hostile regulatory landscape is emerging for facial recognition, reports GT’s Ropek. Some municipalities are considering outright bans and a number of potential laws threaten to drastically curtail the industry. 

To a large degree, the police protests have reset the legislative conversation. Previously, face recording moratoriums had been introduced in cities across the country, but almost all of these bills floundered, frequently after localized pressure from the tech lobby.

Now, however, these regulations are seeing renewed interest. Much of this momentum has likely been engendered by the now heightened relevance of arguments long made by civil rights groups: that facial recognition inordinately targets marginalized communities and, in some cases, reinforces a "racist" system of policing.  

As COVID-19 cases in the U.S. continue to climb, government and higher education leaders have been focused on doing what it takes to protect campus communities from the global pandemic.

But college and university leaders would be wise if they were just as vigilant about protecting their sensitive data from the cybercriminals who are becoming increasingly sophisticated about encrypting the colleges’ data and making the colleges pay a ransom to get it back.

Such ransomware attacks on universities have become common. In 2019 alone, 89 U.S. universities, colleges and school districts became victims of such attacks, followed by at least 30 in the first five months of 2020.

Along with the financial services industry, the education sector is one of the two most common targets of these attacks.

*Government Technology is Governing's sister publication.