Colleges like to compare themselves to each other.
Pitt measures itself against its state-related siblings Penn State and Temple and its neighbors like Duquesne University and Carnegie Mellon. They all pay attention to where they fall against their peers on other lists. Which is ranked highest in U.S. News and World Report? Which is most expensive? Which has the highest graduation rate? Which gets the most grant money?
Now Butler County Community College is in a group that contains Michigan State University, Howard University, Oberlin College and the University of California at San Francisco. Those are some impressive names.
Unfortunately, it’s not a great club to join. All of these are among the colleges and universities that have been targets of ransomware.
BCCC canceled Monday and Tuesday classes after the cyberattack. It couldn’t come at a worse time, as this week was slated to be online only to reduce potential covid-19 spread.
The school is just the most recent of thousands to have data held hostage by cybercriminals. By the end of July, the U.S. Cybersecurity and Infrastructure Security Agency had pinpointed 2,084 ransomware complaints and $16.8 million in losses in 2021 alone. That was a 62% increase in reports and 20% increase in losses.
The problem with that? There is no way of knowing how many ransomware attacks aren’t reported. Kudos to BCCC for being open about the problem, as have other regional victims such as the Allegheny County District Attorney’s Office in 2015 and the Westmoreland County Housing Authority in 2018.
Ransomware is a crime that feeds on embarrassment. The perpetrators know that not only is the data important to a school or government office or hospital or bank or the Pennsylvania Senate Democrats — they were hit in 2017 — but so are the reputations involved. Protection of information or ability to work safely and securely are important to these organizations, and the temptation to circle the wagons is strong.
But like domestic violence or other crimes that make victims feel complicit, ransomware is best handled by being honest about the assault.
The more the public and other businesses and organizations know how common and detrimental cyberattacks are, the more seriously security will be taken.
The best defense is not so much offense as it is knowledge. That makes it very appropriate that BCCC is teaching such an important lesson by not holding classes.
