Colleges Face Growing Cybersecurity Threats
Cybercriminals use cutting edge technologies and methods to exploit university systems, stealing sensitive information, and then threatening to share it on the dark web unless a bounty is paid. The Moody’s Investors Service report that cyberattacks on higher education are on the rise. Verizon’s 2019 Data Breach Investigations Report suggests that espionage is the motive behind 11 percent of attacks on educational institutions. Institutions of higher education are expected to be compliant with a growing array of state, local, federal, and private regulations. This includes 200+ operational, financial, privacy, and cybersecurity laws (for e.g., OSHA, Anti-Kickback Act, Sherman Antitrust Act, Sarbanes Oxley, HIPAA, and various privacy protection requirements).
The top risks for these institutions include reputation risk, compliance risk, and operational risk (stem from inadequate processes, systems, etc.). The cyber risks include phishing, user awareness, cloud security, security strategy, access management, data security and personal devices (BYOD). Many ransomware attacks are the result of phishing emails, where users click a link and inadvertently download malicious software.
Higher education is more vulnerable because of academia’s unique culture, which prides itself on a degree of openness and transparency that most industries lack. The three approaches that will help reduce information security risks for academic institutions are:
- A proactive, deep-defense approach
- User training
- Higher-end collaboration among institutions
The strategies will vary depending on each institution's risk factors and management plan for those risk factors. Though threats are constantly evolving, colleges and universities must continue to invest in both the talent and infrastructure needed to meet cybersecurity challenges. The institutions are also investing more resources than ever on compliance.
There is an overall shortage of qualified cyber security and compliance professionals, hence the organizations need a trusted partner they can team with to help achieve their goals of continually enhancing security and compliance. e-InnoSec has made significant investments in leadership, methodology, and personnel to be that partner. The services include free training using the SECURTEAIN eLearning platform as well as classroom training.