Cybersecurity is a hot topic and a major concern for all organizations. No one is immune, and indeed, higher education institutions can fall victim to large breaches as well. In fact, according to PrivacyRights.org, below are a few examples from the last 6 months:
Date | Name | Records Lost |
22-Apr-14 | Iowa State University | 29,780 |
27-Mar-14 | The University of Wisconsin-Parkside | 15,000 |
20-Mar-14 | Auburn University | Unknown |
6-Mar-14 | North Dakota State University | 290,000 |
26-Feb-14 | Indiana University | 146,000 |
19-Feb-14 | University of Maryland | 309,079 |
27-Nov-13 | Maricopa County Community College District | 2,490,000 |
Theft, intellectual property loss, and loss of individual's personal data affect all organizations in varying degrees. While higher education institutions face many of the same challenges as government and commercial organizations, they also have worries that are unique to their environments. Some of the higher education specific cybersecurity topics include:
Threats have become more sophisticated and protecting the enterprise with these topics in mind needs to be more sophisticated also. It is no longer enough to harden access to the network and think you are OK. Because the bad guys trying to steal your data are using so many different types of attack, effective defense requires a multi-level approach.
Cisco recently acquired SourceFire, and we have adopted their frequent question to customers:"If you knew you were going to be breached, what would you do differently?" The 2014 Cisco Annual Security Report studied the web traffic of corporate networks and every one had connections to domains that are known malware threat sites or threat vectors -an indication that bad things are on every one of these networks and likely on most networks. Think about the question again -what would YOU do differently? That is what we all should be doing.
We recommend looking at the Attack Continuum of "Before, During, and After" with the following actions for each phase:
The conventional perimeter protections such as firewalls, intrusion prevention, and anti-virus are still part of a good defense in depth framework, but more is now needed. We offer many parts of the solution, of course, and have experts who work with universities to address their specific security needs. But no matter who you work with, please look carefully at what you can do differently to protect your students and your institution from these new, advanced threats.
Our upcoming whitepaper will focus on some of these trends, challenges and strategies for higher education. You can register to receive the whitepaper as well as a compilation of all the#HigherEdThursdays blog series upon completion. Reserve your copy now.
Happy#HigherEdThursdays!