Unsafe at any Bandwidth: Towards Understanding Risk Factors for Ransomware in Higher Education

Abstract

United States higher education institutions host an assortment of services that are accessible via public IP addresses. The wide variety of network services and the important personal and institutional data stored on such services make higher education institutions particularly desirable targets for attackers. This study analyses the vulnerabilities found through Shodan scans on these networks, in conjunction with institutional characteristics data taken from the National Center for Education Statistics (NCES), to examine correlations between an institution’s characteristics and the vulnerabilities found on its networks. By exploring this data, the study aims to bring awareness to the current state of higher education institution network security and determine vulnerability trends between certain institutions. Our analysis reveals that most institutions have many medium impacts but highly exploitable vulnerabilities, with most being on Apache HTTP servers. We also present that the most significant indicators of an institution’s vulnerability are its enrolment and yearly total expenses. We investigate how smaller institutions have lower numbers of vulnerabilities, but their vulnerabilities have the potential for higher impact. We conclude that there is a significant chance of ransomware risk in US higher educational institutions.