Cybercriminals Gain a Hacking Edge on Government and Higher Ed

The week in cybersecurity includes news about a surge in COVID-related hacking attacks on government and colleges and how facial recognition technology is losing ground as demands rise for police reform.

The University of California, San Francisco in June suffered a COVID-related cyber attack on its School of Medicine. (Shutterstock)
COVID-19 is fueling an uptick in ransomware attacks and giving cybercriminals an edge. According to Government Technology’s* cybersecurity reporter Lucas Ropek, a report from cybersecurity vendor Check Point Research shows that COVID-themed phishing attacks increased globally across all sectors between February and late April, jumping from 5,000 per week to over 200,000 per week. These attacks occurred in almost all sectors, including "governments, industry, healthcare, service providers, critical infrastructure and consumers."

For state and local governments, that has meant that hackers have increased their "focus on so-called 'soft targets' — local governments, public administration agencies, education, and even hospitals," reports vendor SonicWall in their 2020 mid-year report. Some states have been hit more heavily than others, with Maryland, Florida, Michigan, and Tennessee having some of the highest rates. 

A Pew poll last September showed that only around half of Americans thought police departments could be trusted to use facial recognition responsibly. Even fewer Americans thought the biometric tool should be used by advertisers or tech companies.

Now, as calls to defund, divest or otherwise drastically alter police departments have escalated, a fairly hostile regulatory landscape
is emerging for facial recognition, reports GT’s Ropek. Some municipalities are considering outright bans and a number of potential laws threaten to drastically curtail the industry. 

To a large degree, the police protests have reset the legislative conversation. Previously, face recording moratoriums had been introduced in cities across the country, but almost all of these bills floundered, frequently after localized pressure from the tech lobby.

Now, however, these regulations are seeing renewed interest. Much of this momentum has likely been engendered by the now heightened relevance of arguments long made by civil rights groups: that facial recognition inordinately targets marginalized communities and, in some cases, reinforces a "racist" system of policing.  

As COVID-19 cases in the U.S. continue to climb, government and higher education leaders have been focused on doing what it takes to protect campus communities from the global pandemic.

But college and university leaders would be wise if they were just as vigilant about protecting their sensitive data from the cybercriminals who are becoming increasingly sophisticated about encrypting the colleges’ data and making the colleges pay a ransom to get it back.

Such ransomware attacks on universities have become common. In 2019 alone, 89 U.S. universities, colleges and school districts became victims of such attacks, followed by at least 30 in the first five months of 2020.

Along with the financial services industry, the education sector
is one of the two most common targets of these attacks.

*Government Technology is Governing's sister publication.

Tod is the managing editor of Governing and the contributing editor of our sister publication, Government Technology. He was previously the editor of Public CIO, e.Republic’s award-winning publication for IT executives in the public sector, and is the author of several books on information management.