In 2020, dozens of universities in the UK, US, and Canada were left reeling when hackers stole the private details of users, including staff, donors, and current students and former students.
The breach occurred when US-based software firm Blackbaud, which provides cloud-based marketing, education administration, and fundraising software, suffered a ransomware attack.
Cybercriminals exfiltrated an “astronomical amount of data” from a long list of Blackbaud clients in the attack, according to one of several lawsuits filed against the firm.
The stolen information included social security numbers, bank details, and user passwords saved in unencrypted data fields. While Blackbaud paid an undisclosed ransom to the criminals for the data to be destroyed, experts speculate this could encourage more ransomware attacks in the future.
The scale of the attack – which impacted institutions including Oxford University, the University of London, Boston University, the University of Dallas, and Ambrose University – was shocking and served as a reminder of the numerous security risks and challenges of cloud computing.
However, perhaps more shocking is the sheer frequency of cyberattacks on universities and colleges.
One UK study, conducted in 2020, found that 54% of universities had reported a data breach within the past 12 months. Microsoft’s global threat activity shows the education sector is, by a long way, the industry most affected by malware encounters.
It’s not surprising that higher education institutions are a target for cybercriminals and cyberextortion. Many conduct world-leading research and possess valuable intellectual property as well as extensive databases of sensitive information and personal credentials. (Criminals have even attempted to steal coronavirus research.)
Aside from data loss, cyber-attacks can have widespread logistical and economic implications for universities. Last year, the Royal Melbourne Institute of Technology (RMIT) was forced to suspend new enrolments and leave casual wages unpaid after a suspected phishing attack. Production of student access cards was disrupted, and key services, including the ability to borrow from libraries, were frozen while IT systems were restored.
Finding a secure, digital and future-proof way to manage and secure student and staff identities on campus is a challenge many institutions are grappling with. The pandemic accelerated this need, as students could not physically attend campus to pick up their ID cards – adding to delays.
Digital identity verification: A vision for the future in higher education
Verifiable credentials are a groundbreaking new solution for universities to navigate these problems. ShareRing has developed the world’s most secure and flexible digital identity verification system, which can be tailored to fit many use cases with one technology.
Unique identifiers in a digital identity are linked to cryptographic keys to secure a user’s verifiable credentials, meaning such an ecosystem can be used in place of an ID card on campus. Students can store a QR code as decentralized data on their phones, accessed through an identity management app such as ShareRing. This code provides access to benefits such as library services and student discounts and allows staff and students secure access to buildings without the need for passcodes or keycards.
Such digital credentials can be issued instantly, eliminating the lengthy process of printing and collecting ID cards at the start of term.
Even better: Due to the secure nature of blockchain, users retain control over their data at all times – eliminating the risk of a cloud-based cyberattack.
As part of a digital identity ecosystem, this credential can be extended to alumni worldwide – keeping former students connected and providing them with a lifetime of access to documents such as certificates and transcripts through their ShareRing Vault, without the need to make time-consuming requests – or risk losing paper copies of important documents. This also mitigates the need for universities to manage alumni mailing lists for decades.
And, when it comes to graduate job applications, students can quickly and easily share their transcripts with potential employers by accessing them in a digital format with their Vault – no risk of losing paper versions and no risk of tampering along the way.
eKYC processes, which universities can also use in the ecosystem, allow students to make seamless applications to a school or exchange program without excessive, cumbersome, and repetitive paperwork.
Indeed, anywhere that requires centralized digital access – from academic web portals to e-commerce platforms – can be part of this tailored ecosystem, doing away with the need for usernames and passwords altogether.
RMIT’s Blockchain Innovation Hub has recently partnered with Microsoft Azure Active Directory to use verifiable credentials in a pilot program it describes as “a vision for the future.”
At ShareRing, we agree with this vision. By creating a digitized ecosystem based on verifiable credentials, universities can make life more efficient for staff and students, save costs, improve alumni connections and improve security.
Ready to enter the future of digital identity? Get in touch today to find out how ShareRing can work for your university or educational institution.