Why are Universities a Cyberattack Target?

By NYU IT Staff | September 29, 2022


An Interview with NYU CIO Don Welch and CISO Rich Sparrow

Cyberattacks against universities are on the rise. In this video, Don Welch, Vice President for Information Technology and Global University CIO, and Rich Sparrow, Associate Vice President and Global University Chief Information Security Officer, discuss why universities are a target, the type of information that can be put at risk, and the steps NYU community members can take to help make NYU a more cybersecure environment.

DON: People have the mistaken impression that serious criminals are not interested in universities. That is wrong. Universities have a lot of things that criminals and others would like. Research universities especially are in the business of creating knowledge. And a lot of that knowledge we want to share, but we want to make sure that we share it on our terms.

RICH: We have a very unique mission in teaching and learning and research. And with that, we have to innovate and we have to foster experimentation. Higher education, it's almost like a city. We have multiple activities that we carry on. So we have the education activity, we have the health care activity. We run complicated businesses. Sometimes some institutions have power plants, their own police force, health care. All of those things together just make us a really excellent target.

DON: You have money, you have intellectual property, you have an identity, and a university has lots of people, lots of money, and lots of things that adversaries want.

RICH: Often in higher education we have a really interesting mix of technology. Some of it that's really current, up-to-date, easy to secure, and some of it legacy, which is very difficult to secure.

DON: They're coming after us all the time. So we want to make sure that we're protecting ourselves and helping the university protect us.

RICH: In higher education, we work openly. We encourage all this collaboration, which is really great. It's the strength of what we do. It really furthers research. But we still need to pay attention to who we communicate with and how we validate who we're communicating with.

DON: Just like we lock our doors, we lock our cars, we do common sense things. We have to, as individuals, do the basics so that our cybersecurity and our IT people can do the other things to help make our environment safer and protect us.