Chief information security officers grapple with the fast-paced cyberwar waged on higher education.
The number 1 issue for higher education IT leaders this year is information security, according to EDUCAUSE, leaving chief information security officers the task of combating a variety of issues as they try to keep their campuses safe from cyber criminals. Information security regularly shows up on the EDUCAUSE Top 10 list, though it earned the first spot this year.
Universities are in an expensive arms race, scrambling to buy new tools and revise tactics to counter the latest cyberattacks. Meanwhile, the attackers find ways around the tools, switch strategies and hit different targets. Cybersecurity continues to be an ever-moving target.
Whatever the outcome, this can be expensive for universities. If they lose a fight, they’ll get hit with financial losses. If they win a fight, they probably invested plenty of money in a good security program.
In this race, chief information security officers have to make choices about what security risks they will tackle first, leaving some to fall to the bottom of the priority list, which is why so many universities were hit by networked printer hacks this past spring. While the hack was annoying, it didn’t shut down research and education, which were much higher priorities. That said, this hack is a harbinger of some of the challenges that the Internet of Things could bring to the field.
Chief information security officers cited eight major challenges they’re dealing with today.
- Phishing
Just under a third of users opened emails in 2015 that were designed to trick them into clicking a malicious link or downloading malicious software attachments, according to the Verizon 2016 Data Breach Investigations Report, which analyzed 2,260 breaches and covered more than 100,000 incidents. That’s up from 23 percent last year.
- User education
Students have a full load, faculty work 60 hours a week, and the rest of the staff members are working on teaching, learning and research. With these busy schedules, cybersecurity awareness often takes a backseat to teaching and learning.
- Cloud security
Cloud computing works well for the IT side of the university, but it also presents challenges for chief information security officers.
The cloud has taken off like crazy, and it’s a great help, but at the same time, it’s complicated from an information security perspective because there’s a lot of due diligence that has to take place.
- High-profile information security strategy
Security doesn’t always top the list of university leaders’ priorities. But with risks and consequences rising, it’s important to get security on the radar at the executive level and establish a comprehensive strategy that has buy-in from the top down.
- Next-generation security technology planning
In this expensive arms race, it’s difficult for universities, given their limited resources, to catch up with the tools that the cybersecurity industry creates, and they have to figure out a plan for how they will make sure their security tools are as up to date as possible.
- Identity and access management
Universities also deal with the challenge of putting systems in place that will control who can access different applications and what level of access they need.
- Governance over data security
When universities aren’t centralized, it’s more challenging to govern data security.
- Unsecure personal devices
With faculty members and students bringing so many devices on campus, the security staff members don’t have the opportunity to make sure those devices are safe and secure.
To tackle these challenges, chief information security officers suggest three standard approaches that will help reduce information security risks:
- A proactive, deep-defense approach
- User training
- Higher education collaboration among institutions
The strategies will vary depending on each institution’s risk factors and management plan for those risk factors. If you’re looking to keep your higher education institution safe, let GovDirect help! Visit GovDirect.com or email email@example.com for more information.