Campus networks are (very) vulnerable to malware

It’s no shock to anyone in higher education that campus networks are susceptible to data breaches, though a new report shows that colleges and universities are much more likely to contain malware than business and government networks.

A 2012 report showed that data security was IT officials’ No. 1 concern.

A report from cloud-based web security service provider OpenDNS shows that colleges and universities are three times as likely to contain the malware known as EXPIRO when compared to networks in various levels of government and the business sector.

Campus technologists have for years said that higher education’s culture of openness poses a real and persistent IT security threat, as campus networks that house sensitive information about thousands of students, parents, alums, and faculty are targeted by hackers trolling the internet for valuable data.

“Our research shows that while higher education institutions face the same cyber-attacks as enterprises and government agencies, they tend to be compromised by malware and botnets at a much higher rate,” said Dan Hubbard, chief technology officer of OpenDNS. “Clearly colleges and universities must operate more open networks and support an endless number of access devices which puts them at higher risk; however, by implementing some fundamental security best practices it is possible to significantly reduce and contain the current rate of infections on campuses.”

EXPIRO malware, according to the OpenDNS report, is by far the greatest threat to college campus IT networks. The malware is installed without anyone noticing when a student or university employee visits a website that hosts a Java or Adobe PDF.

EXPIRO, once it’s downloaded, works quickly to take user and system information, and the enormous scale of campus networks — along the the bandwidth required on a daily basis — makes it difficult to combat the malware, according to OpenDNS.

See page 2 for details on what a 2012 study said about campus IT security concerns…

Colleges’ vulnerability to the EXPIRO malware is just the latest reason for higher education’s increasing focus on protecting data.

A survey released last year showed that eight in 10 colleges and universities allow students to access the school network with any mobile device they bring to campus, but less than half have an official policy for enforcing certain security standards before a smart phone or computer tablet can use the school’s internet connection.

Those findings – along with a range of others showing campus technologists fret over student and faculty data security – were detailed in an report from CDW-G that listed higher education’s most persistent IT concerns.

Without requiring students to comply with mobile-device safeguards that protect against their smart phone or iPad making the campus network vulnerable to hackers, botnets, or malware, Social Security numbers, credit card numbers, and other personal information remain at risk.

Join the conversation with #eCNBigData.