What Can be Done?
1. Take a Risk-Based Approach
It is impossible to secure everything. It is also redundant. Universities need to identify the most sensitive areas of activities, and increase the safeguards of these areas proportionally. For example, the jet-propulsion lab needs to have more robust security than the music faculty.
2. Consider Automation and the Use of AI
It’s unrealistic to expect universities to have sufficient manpower to operate complex security systems. Instead, they should opt for highly automatic solutions that require only a few analysts to combat the massive threats they are facing. It is essentially impossible to detect large-scale attacks without AI–at least not until it’s too late and most of the sensitive data is long gone.
3. Be Creative and Use Students as a Security Force
Universities are a hotbed for technology and tech training, so why not let the students “get their hands dirty” with some real-life security work? Students can gain crucial experience while at school, and universities could tap an unlimited supply of inexpensive, well-trained manpower.
4. Have a Security Mindset
Of course, none of this matters unless security is considered a high priority by the key decision makers. But many doctors and bankers now speak “cyber” and invest in security, so why not academics?