Higher education has been a constant target for cyber criminals in the past few years. “According to some estimates, higher education accounts for 17 percent of all data breaches where personal information has been stolen.” (Carlos Soto, Tenable) Most recently, in 2016, higher education became the second most targeted sector in the United States. Higher education institutions collectively store some of the most sought-after data that attackers are looking to obtain, everything from Social Security numbers to medical records, financial data, and intellectual property, which makes them a prime target.
As technology continues to change, how institutions produce, store, and secure data about their students, faculty, and staff becomes much more critical. In many cases, breaches are easily preventable. Breaches are often a result of unintentional disclosure, such as phishing attacks, and not actual hacking methods.
With the adoption of BYOD (Bring Your Own Device) and evolution of the IoT (Internet of Things) growing at such a rapid pace, we are faced with a constant uphill challenge. A survey conducted by Bradford Networks found that 85% of educational institutions have some form of BYOD policy, with around 52% of those devices integrated into the classroom experience. It will be interesting to see how institutions define a balance between ease of access to information and securing it within their networks.
Unfortunately, operating under a constant threat of cyber attacks has become the norm for higher education institutions today. This does not mean it has become a lost battle. A few key areas that will help improve the cybersecurity posture of an institution include Access Control Policies, Vulnerability Assessments and Awareness Training. Most importantly, an institution's cybersecurity team must be capable of handling the ongoing threats, and must consider “when”, not “if”, a security compromise will occur. A cybersecurity program is only as strong as its weakest link, so be sure there are no gaps.
As a senior-level technology, information security and risk management professional, Derek has over 10 years’ experience in developing, implementing, and managing security solutions for financial, healthcare, retail, energy, information technology and other industries. Derek holds several industry certifications such as CCNA, CCDA, VMWare DCVA, CompTIA Network+, CompTIA Security+ and Palo Alto ACE.
Derek holds extensive knowledge of HIPAA, PCI, and NIST standards/regulations in areas of risk management and regulatory compliance that can be applied to network, application, and physical security.