Healthcare and retail are most likely the first two industries you think of when it comes to security hacks or breaches. They’re stocked full of data diamonds waiting for the taking: social security numbers, addresses, birthdays, credit card numbers, bank accounts, and more. But what some people may not realize is that higher education institutions house just about the same valuable information. Student records hold payment information, medical records, social security numbers and more. And students aren’t the only ones vulnerable; faculty, staff and alumni also have sensitive data stored in their files on campus systems. On the digital black market, a university record can sell for up to $200, making this information extremely lucrative for cyber criminals.
Not only are higher education institutions a gold mine of personal information, but their IT infrastructures and network security tools can also be a nightmare to manage. Universities and colleges are a hotbed for bring-your-own-device use: think of all the laptops students bring to classes, not to mention all the other devices that students, faculty and departments use to further their teaching techniques. Classrooms are moving towards digital formats, and as they do, more and more unrestrained and unmanaged devices are hopping onto networks, giving hackers a massive attack surface with thousands of access points. Unfortunately, as more and more millennials start using social media platforms, they continue to open themselves up to risk, and once a device is connected to a network, it’s a virtual backdoor into the entire IT infrastructure of an institution.
In 2012, a student from the University of Nebraska-Lincoln hacked into the university’s PeopleSoft-based system (higher education software used for anything from payroll to ordering) and accessed over 650,000 personal records. The 2017 Data Breach Investigations Report from Verizon counted over 400 cybersecurity incidents in the educational sector in the last year alone, with 73 of them resulting in data leaks. Developers and software companies aren’t focused on security for educators; for them it’s more about usability and functionality, due to the wide range of users who access these systems. On top of this, most attacks or malicious acts go undetected, since attackers can easily log into the system as a registered user and then gain access to the common system functionality.
Additionally, universities and research institutions strive for an open exchange of information and ideas, which basically means no defense for information. The user-friendly uniqueness of educational systems often tends to be what puts them at greatest risk. Not only that, but many institutions lack a well-educated security staff, or a full team at all.
The best way for institutions to prevent attacks and begin to protect their data is, first of all, to start recognizing that they are targets. Next comes investing in top security defenses, which will require identifying their weaknesses. An institution’s plan of defense will also need to include testing and hunting for threats. Some of the top threat areas that organizations face are user education, cloud security, phishing, governance over data security, unsecured personal devices, and identity and access management.
IT teams and CIOs can help reduce security risks through better user management and training, a proactive defense approach, and more secure and effective collaboration among institutions. Other big threats are insecure settings, unencrypted connections, patch management, functionality, insecure trusted connections, default usernames and passwords, open interfaces that enable remote management, and access control measures. Taking all of these threats into account, security teams can better plan how to prevent data breaches.