Can Cybersecurity and Connectivity Coexist in Higher Ed?

June 22, 2016 · steveverbanic · · Comments

The open and connected environments in higher education help foster collaboration and innovation. Yet these environments are also creating cybersecurity vulnerabilities. With tight budgets that are focused largely on educational resources, IT teams at colleges and universities are not only constantly competing for funding but also fighting a losing battle against cybercriminals.

Higher Ed a Growing Target

A growing number of universities have been attacked in the last couple of years. As an industry, education is only third — behind healthcare and retail — in the number of data breaches. And in the last few months, an alarming number of universities became victims of ransomware attacks.

As some highly publicized cases have shown, ransomware can be tremendously crippling to an organization, locking staff out of entire systems and halting communications. But data breaches also have a major impact — a compromise of sensitive data can take months and even years to remedy.

One of the factors that make higher ed an attractive target is the amount of available data—from the social security numbers of thousands of employees and students to financial information and intellectual property. Universities that offer medical services are even more appealing because the PII (personally identifiable information) contained in health records is much more valuable on the black market than credit card numbers.

Complex Infrastructure Adds Additional Risks

Higher ed is facing a double whammy by being both an attractive target and having a complex infrastructure with a number of inherent vulnerabilities, including:

  • Networks that are accessible 24/7 and offer high bandwidth to cater to a transient, academic population with high connectivity demands
  • A growing number of mobile devices connected to the networks — brought by students and staff and issued by the college
  • The expansion of the Internet of Things to include everything from lab equipment to vending machines, which adds to the number of potential breach points
  • Limited IT resources for performing frequent, regular patching and updates for the hundreds or thousands of computers running on different operating systems across the campus

Balancing Security and Openness Requires Solid Strategies

Today’s cyber practitioners understand that it’s not a matter of “if” but “when” a data breach will occur, and their focus is shifting toward incident response and mitigation. While defenses like firewalls and antivirus software are important, alone, they’re no longer enough.

A multilayered approach to cybersecurity is the best strategy in the ever-evolving threat landscape. Some best practices include:

  • Incident response planning: It’s much easier to respond to a breach if you’ve put some advance thought into a plan, rather than trying to react in the middle of a crisis
  • Threat assessment: A cyber threat assessment by an independent party can help highlight gaps that are more challenging to detect by an in-house team spread thin and limited in its knowledge of the latest threats
  • Multilayered defense technology: A multilayered cybersecurity approach must account for all the complexities of the network infrastructure, including the growing BYOD and IoT trends

Colleges and universities need to treat innovation and security as two sides of the same coin rather than competing priorities. A team of outside experts from a network security provider like SLAIT Consulting can be invaluable to creating a strategy for responding to and mitigating cybersecurity threats.

Securing an open exchange of ideas and intellectual property is challenging — but can be accomplished with the right team to weave in the best in cyber defense technologies and latest best practices.  Learn more about SLAIT security services!