Security Awareness in Higher Education

Cyber thieves have the higher education industry in their crosshairs. According to some reports, higher education accounted for 13 percent of all breaches, with only financial and healthcare firms being attacked at a greater ratio. Moreover, why shouldn’t they? Personal data (of everyone from alumni to staff to faculty), academic research, and cross-institutional records provide attractive targets for adversaries.

The higher education industry has experienced several cybersecurity incidents, like:

  • Database breach targeting the university’s network revealed records of 287,570 affiliated personnel, students, faculty, and staff.
  • Hack of a university’s health system may have exposed records of more than 4 million patients.
  • Ransomware cyber attack on a top university may have damaged the files stored on its systems.

If the issue is humanized, the information at risk is often that of young individuals who in the majority of instances are stepping foot in the professional world. If hackers manage to access their information, things could get ugly down the road. In fact, it could lead to identity theft and disrupt your chances of securing a mortgage, paying college fees, etc.

Educational institutions find themselves stuck in a maze as they attempt to modify their security posture and deploy new tools for mitigating the latest hacks. At the same time, adversaries are coming up with ways around the security defenses. Hence, security defenses can only protect data to a certain extent. No matter how robust a higher ed institute’s cybersecurity software may be, its end users would lead the line of defense during an attack.

That’s the main premise of security awareness in higher education.

Conventionally, awareness often takes a backseat due to the busy lives of faculty and hectic schedule of students, but efforts to educate everyone in an institute’s premises and its partners need to be stepped up if (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: