Key points:
- Higher education is often left with gaps in security
- Focusing on fundamentals and bringing in outside help can strengthen cybersecurity measures and protect critical data
Cybersecurity incidents at higher education institutions are on the rise. That includes ransomware attacks. According to one survey, 64 percent of responding institutions reported ransomware attacks in 2021 – up from 44 percent the prior year. Education institutions often still struggle with legacy systems and need to modernize – but they’re hindered in these efforts by a number of factors, including a limited budget and compliance requirements. And the rise of online learning exacerbated an already difficult situation.
Let’s look at the threat landscape and how this sector can overcome its security challenges.
Examining the threat landscape and the challenges creating complexity
The various techniques and strategies used by threat actors are becoming more sophisticated. At the same time, the dialogue about the various tools, techniques, and strategies that higher education needs to fight those threat actors is also becoming complex. In addition, we are seeing cyber incidents increase – and the attack surface is continuing to expand.
Essentially, with all the complexities and the breadth of cybersecurity controls that are needed to protect an organization, what happens is that without the right level of talent and the right amount of support, small and medium organizations (like most higher education institutions) can’t keep up. This makes it very difficult for them to make any kind of progress in cybersecurity.
It all starts with the complexities facing the education sector – not just from an external threat actor perspective, but also from a solution standpoint. IT security teams are trying to fight the latest and greatest threats as they arise. And as they’re thinking about the bigger picture, the fundamentals of cybersecurity sometimes get missed.
Taking back control
The first step toward cyber maturity is to take back control of foundational processes and procedures. Cybersecurity posture is complicated for any organization; for educational institutions, the often-decentralized structure, mass number of stakeholders, and specific business processes can sometimes make it even harder to get their security posture bolstered. There’s also a wealth of state and federal compliance requirements that must be met.
Given all that, it’s key to start with the basics. For instance, many organizations – not just education – struggle with how to address vulnerabilities. It’s very difficult for them to patch systems in a timely manner, but this is really Cybersecurity 101.
It’s important that the baseline problems are addressed first. Obviously, schools need to have an eye toward the future and what else needs to be fixed, given current cybersecurity trends, but if they focus on the fundamentals, they’ll make meaningful progress over time.
Supplement your existing talent pool
The second step is to consider supplementing your talent pool. The cybersecurity skills gap continues; according to ISC(2), there’s an estimated global shortage of 2.7 million skilled cyber professionals. This impacts all sectors, but it’s an extra-big challenge for educational institutions, which can’t compete with the salaries the private sector can offer. One way to do this might be looking at how to bring in students from programs at the school to also help with the institution’s own cybersecurity.
Looking to a trusted partner
The third step toward cyber maturity is to consider finding a cybersecurity partner. Sometimes trying to do everything yourself winds up creating more problems. It might cost more in the long term, and it may perpetuate existing problems. This is where it may make sense to look for help outside the school.
It’s all about leveraging the right people for the right purpose. Could an education institution just build its own army of cybersecurity professionals? Possibly. But is that going to be the best use of time and resources? It may be time to look outside the box and find a trusted partner who can help the school by supplementing its existing resources rather than just replacing them.
An education in security
The field of education has a target on its back. Due to the amount of sensitive data being protected by these entities, combined with layers of complicated technology in the ecosystem, organizations are often left with overlooked gaps in security. Cybercriminals are aware of this fact, and more of them are now focusing their attacks on these schools.
However, by following the three steps toward maturity – focusing on fundamentals, expanding the talent pool and even bringing in help from the outside as needed –education organizations can close their security gaps. These three tips will help them build a stronger security posture, enabling them to protect the trove of sensitive and valuable data they hold.
Related:
How 3 university executives created student-run SOCs
- Guidance on higher ed revenue sharing may be safer than many assume - December 6, 2024
- Students using AI: It’s not that scary and shouldn’t be banned - December 2, 2024
- Identity theft preys on campuses–here’s what we can do about it - November 26, 2024