How do you maintain an environment that is both open and secure? Many professionals who work in education cybersecurity have to answer this question, but it seems to be a catch-22. Typically, colleges and universities value a collaborative environment. At the same time, education is unlike nearly every other industry in the sheer volume of private information IT teams must safeguard. How can cybersecurity professionals balance education values with the safety of students and faculty?
The State of Education Cybersecurity
Between 2005 and 2016, higher education institutions were the victims of 539 breaches involving 13 million known records. This is likely due to the huge amount of private data—including financial and health information—that educational institutions store on an ever-increasing number of people.
This issue is compounded by the fact that colleges and universities are BYOD hotbeds. The owners of these devices, for the most part, aren’t fully educated on safely navigating the web, or else don’t care. It isn’t uncommon for students to launch cyber attacks themselves, either. It’s made all the easier when they can freely connect to the campus network.
Furthermore, ransomware is on the rise, propagated by phishing scams and other social engineering attacks. Education cybersecurity teams must figure out how to secure a network to which thousands of users are connecting for all of their personal browsing. Otherwise, they risk crippling disruptions.
For example, in June 2017, University College London suffered a widespread ransomware attack. After some investigation, the university determined that a compromised website caused the infection; clicking on a pop-up spread the malware.
Ransomware is particularly devastating for students working on large projects for their classes, so it’s critical to be able to respond to these kinds of incidents.
Incident Response, Not Prevention
There are many things education cybersecurity professionals can do to reduce the risk of a security incident, including educating students and faculty on recognizing phishing attacks. But unfortunately, it isn’t realistic to rely entirely on preventative measures. The best way to mitigate damage is to be able to swiftly react to inevitable breaches.
This starts by having a robust network traffic analytics system in place with capability for metadata and NetFlow analysis. Such a system will provide you with visibility into every corner of the network. But just as importantly, it will also provide the rich context needed to quickly investigate and mitigate an attack.
If you would like to learn more about network traffic analytics, as well as metadata and NetFlow analysis, we’ll be attending the EDUCAUSE Annual Conference starting October 31st, 2017. You will be able to visit us at booth 2307—hope to see you there!