The Final Four no college wants to make

“The nature of higher ed is to foster an open academic environment, which is a nature at odds with the need to protect sensitive information and be mindful of security issues,” the report said. “Changing this nature requires a philosophical shift in the way these institutions view sensitive data.”

Alex Rothacker, director of security research for Application Security, said growing security threats have motivated campus IT departments to operate more like the private sector in recent years.

“Sensitive data is not something that’s part of the academic exchange,” he said. “Of course you want to have an exchange of ideas and knowledge, but most of these colleges are run like businesses to a large extent, and that’s a good thing.”

More on data security in higher education…

Campus Network Security Made Easy

Even with bolstered cyber security measures, Rothacker said, colleges will still have to fend off a growing number of network hackers who know the financial value of a campus database.

“A new focus might dampen that effect for a while,” he said. “But hackers have figured out how to make lots of money doing this … and there’s large organized crime behind this. They’re going to keep trying.”

That means college IT chiefs might be unaware of major attacks for months after they happen. The report mentions a Georgia campus whose “perimeter layer protections” were breached in December 2009. It wasn’t until February 2010 that officials discovered more than 170,000 records were illegally accessed.

"(Required)" indicates required fields