HigherEd is in need of a IT Security reboot

There has been a noticeable uptick in the number of cyberattacks targeting educational institutions in the past few years. From ransomware attacks that cripple IT systems to data breaches leaking sensitive student and faculty information, the threats are varied and increasing. In 2023, over half of higher education providers suffered ransomware attacks. Software vulnerabilities also pose a significant data breach risk to the higher education industry. 48% of all universities and 70% of the top 500 universities were detected with software products with known exploited vulnerabilities.

 

• Valuable Research Data: HigherEd institutions are at the forefront of groundbreaking research. This makes them attractive targets for state-sponsored actors and cybercriminals eager to get their hands on intellectual property.
• Diverse User Base: With a mix of students, faculty, and staff accessing the network, the user base is vast and varied, increasing the potential entry points for malicious actors.
• Open Networks: Academic freedom often translates to open and easily accessible networks, making them more vulnerable.
• Legacy Systems: Many institutions still rely on outdated IT systems that are more susceptible to breaches.
• Organizational Structure: Unlike corporate environments with centralized IT functions, educational institutions often have decentralized systems. Various departments or faculties might have their own IT teams and infrastructure. While this fosters innovation and autonomy, it also means there’s no uniform cybersecurity strategy across the board, leading to potential weak links.

 

• Centralize Cybersecurity Efforts: By centralizing cybersecurity protocols and strategies, institutions can ensure a consistent security posture across all departments.
• Regular Training: Regularly train students, faculty, and staff about the importance of cybersecurity, emphasizing practices like strong password usage and recognizing phishing attempts. Strong awareness is relatively inexpensive protection.
• Implement Multi-Factor Authentication: Add an extra layer of security by requiring multiple forms of identification before granting access to sensitive information.
• Update and Patch Systems: Ensure that all software and systems are regularly updated to fix potential vulnerabilities.
• Engage Cybersecurity Experts: Collaborate with cybersecurity professionals to assess vulnerabilities and devise strategies tailored to the unique needs of the institution.
• Implement third-party risk assessments: Universities worth with multiple IT vendors to put together their stacks. Putting in place safeguards that detect vulnerabilities in vendor systems, especially in cloud environments, can reduce risks.
• View security as a strategic investment: Leadership often provides budgets that are inadequate to protect IT systems. There has to be a shift in attitudes to investing in talent, software and protocols that prevent cyber incidents. This implies a cultural change and is hard to do but important for long term defense against threats.

 

University of California (UC) System: In early 2021, the UC system fell victim to a ransomware attack due to vulnerabilities in a third-party software. Personal data of students and staff were compromised.

Washington State University: In July 2023, several third-party vendors notified the university of a vulnerability in the popular file sharing application MOVEit Transfer that may have exposed personally identifiable information of current and prospective students as well as employees. WSU did not use the MOVEit software, though several of it’s third-party service providers including the National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA) do.

 

HigherEd institutions, with their vast repositories of knowledge and open environments, are attractive targets for cybercriminals. However, with proactive measures, strong leadership commitment, and a unified cybersecurity strategy, they can defend themselves against ever-evolving digital threats. In case you are looking for the right cybersecurity solution for your university, you can browse thousands of products and services on Cypher here.