A recent attack on the university has made it clear to everyone that IT systems are vulnerable, and cyber protection is more necessary now than ever before. The government has reacted by installing a new unit specialized in cybercrime. Still, the best protection is prevention.

In the night from the 15th to the 16th of August, hackers shut down the IT systems of the University of Liechtenstein. It took about three weeks to get all systems back to work. Quite a shock for many: The University is the only university in Liechtenstein with about 800 students and 200 employees.

Unknown criminals infiltrated the systems with ransomware and completely shut down the university. Employees couldn’t access their emails anymore, and students couldn’t register for classes. The regular website of the university was down as well. The university quickly launched a tool to enable students to register again and used Dropbox as a temporary solution to organize classwork.

Police are investigating

The cyberattack on the university shows how vulnerable IT systems are. Not only in Liechtenstein. A cyberattack on the Technische Unversität in Berlin in April 2021 inflicted similar damage. It took over four months to get things back to where they were before the attack. Likewise, in Vaduz: The semester could start as planned in September, but the university is still busy with the attack’s aftermath. Part of that is also to make systems more secure, to prevent future attacks.

It’s still not clear who was behind the attack, says the university. The police are investigating. It’s also unclear why IT systems got infiltrated with ransomware, but nobody asked for ransom payments. And another question is how the hackers could get into the systems in the first place.

Cyber threats are increasing

Jules Hoch, Chief of the Police, said in an interview with Liechtensteiner Vaterland back in 2020 that increasing digitization will come with additional challenges for law enforcement. In particular, as the COVID-pandemic has rapidly accelerated digital trends, criminals have stepped up their cyber activities. Therefore, the police have launched a unit for digital crime (“Kommissariat Digitale Kriminalität”) to tackle the increasing cyber threats.

The unit is combining and expanding Liechtenstein’s competencies in the area of cybercrime defense. The goal is to create a center of competency, including the departments of IT-Forensic and IT-Investigations. It was launched in August and is headed by Robert Lins. He previously worked in the IT department at Liechtensteinische Landesbank for 11 years and was a software developer at Netcetera in Vaduz.

Prevention is the best protection

Robert Lins and his department likely won’t complain about too little work. Cyber threats are rising. The university hack was a high-profile case this year but with little damage compared to what could have happened. Cybercriminals often target small enterprises, which they expect to have relatively weak defense mechanisms in place.

A full-blown cyber attack can result in severe damages, even in the bankruptcy of a business. It’s not just the immediate economic damage through ransom payments or data loss but also the long-term reputational damage that can knock out a business. It’s thus extremely important for companies but also private households to keep their security up-to-date.

A common misconception is that most cyberattacks result from weak IT systems, while they are often the result of human failure. Phishing attacks, weak passwords, and a general unawareness of online threats are the most common points of attack. So the best any business can do is make sure the workforce is well trained.

Image: (C) Shutterstock