Right now, we’re all dealing with challenging times. Revenues for organizations across-the-board are decreasing, and security threats have only increased since the pandemic. Many colleges are also seeing enrollments drop by unprecedented percentages. And pundits continue to debate whether we’re heading for—or are already in the midst of—a recession. There are pressures now on all departments to demonstrate efficiency.
For these reasons, higher ed institutions may look to economize in more strategic ways than they have considered before. Through thoughtful analysis of their security solutions, IT managers at educational institutions may be able to optimize their security stack while also reducing overall spending in this area.
Cybersecurity is one of the most crucial areas in which colleges and universities can invest, especially when it comes to securing an organization’s email data. Ninety percent of breaches occur due to phishing attacks that target email addresses. Yet few decision makers realize that higher-tier security offerings from companies such as Proofpoint, Google, or even Microsoft don’t necessarily offer the best range of security capability for the value. These companies may want to consider a different strategy, like layering or swapping-in a more specialized security solution, which often comes at a lower price point to boot. These independent security vendors may offer an abundance of advanced features, especially specific to inbound and outbound email data protection.
SEG vs. AI-based Security
Many top-branded security products still rely on traditional “SEG” or security email gateway methods to deter threats. This means their security gateways filter and block incoming emails based on whether those messages came from already-known malicious addresses. This filtering process is known as blacklisting, and is the basis for many traditional (yet often high-priced) solutions.
It’s true that a major percentage of threats come from well-established malicious IP addresses. However—and this is a big however—cyber criminals are motivated and skilled, and have developed phishing and imposter techniques that require far more advanced tools than straight IP-based filtering. The latest cyberattacks involve the hacking of email accounts owned by high-level district personnel. Malicious actors impersonate those administrators, requesting either bank transfers or confidential credentials from colleagues throughout the educational network. Staff and students have been similarly victimized by imposter emails that get them to reveal passwords and other sensitive network information.
These “social engineering” attacks can only be detected by solutions that use advanced AI filters and optical character recognition tools that interpret text in imposter emails. These tools flag key words and phrases like “wire transfer” or “sign in,” and quarantine those messages for further inspection. Most administrators are not aware that some of the top-name security vendors simply don’t employ the artificial intelligence that’s required to combat these new hacker strategies. Many well-known solutions were designed before these more sophisticated phishing tactics were invented. Traditional solutions still rely more on the blacklist/whitelist method, allowing a shocking amount of phishing emails to slip past their filters and into the user’s inbox.
Try “Bottom Up” Partnerships
In these unsettling times, administrators in higher education might want to consider what IT analyst Rodney Hur of Canalys calls the “bottom-up” or quantity-based approach to vendor partnership. Organizations can reap more value from their IT solutions by seeking to work with a “diverse ecosystem of small partners” that can deliver more industry-leading features and the same quality of execution, but often at a more reasonable price tag. This is a savvy way for institutions to reduce costs while achieving best-in-class security from a greater breadth of vendors, especially in the key area of email protection.
Administrators should conduct a side-by-side analysis of current security solutions against the amenities of a more specialized technology provider, including cost comparisons. These independent technology providers often have lower per-user fees yet offer more sophisticated and relevant capabilities.
Optimizing Security, Reducing Costs
Many institutions are under the misconception that Microsoft E5 is sufficient protection since it’s the higher-level suite offered by this power-house vendor. The truth is, colleges and universities may be able to achieve more stringent protection by sticking with the more basic Microsoft E3 and instead adding a secondary solution from a specialized technology provider. Recent flaws reported in Microsoft’s email Office 365 encryption solutions show that depending on a single vendor—even one as established as Microsoft—isn’t the wisest strategy. And the approach of using E3 with a specialized cybersecurity vendor may lead to cost optimizations as well.
The price differential between Microsoft’s E5 and E3 suite of solutions can range between $5 to $20 per seat, per month, depending on the market. A feature comparison shows that an independent security provider, for example, delivers nearly the same level of protection while adding crucial AI filters to combat more sophisticated imposter threats, plus other amenities like smart archiving tools and data loss protection management. Yet the user still receives vital modules for Office 365 typically found in Microsoft’s E5 package, including risk management, e-discovery, and auditing tools, and at a more competitive price point.
No one suggests shopping for security solutions by price. These technologies should be evaluated first and foremost according to their effectiveness and the individual school’s requirements. But if colleges and universities apply some savvy analysis, they might be able to achieve the superior level of security the market demands, diversifying and layering their protection, while adding more cutting-edge features to address emerging threats. And better managing their costs in the process.
Rom Hendler is the CEO of Trustifi.
- A bungled FAFSA rollout threatens students’ college ambitions - April 19, 2024
- Using real-world tools to prepare students for the workforce - April 18, 2024
- 8 top trends in higher education to watch in 2024 - April 16, 2024