Universities Increasingly Vulnerable To Cyberattacks
In this age of heightened security threats, universities are easy targets for cyberattacks, according to security experts.
Multiple factors play into why higher education institutions are vulnerable, but according to Ken Currie, technology group vice president of Oracle Public Sector Healthcare & Higher Education, the sheer amount of data generated by each person in the university ecosystem -- including each student -- is the main reason they are targets.
"The truth is, we have a bigger problem because this data is growing quite a bit," he said to an audience of about 200 partners at The Channel Company's XChange Event last month in Atlanta.
Currie cited a 2013 report from research firm Science Daily stating that, of all the data generated since the beginning of time, 90 percent was generated in the prior three years. According to research firm Gartner, the rate of mobile data consumption has nearly tripled since then and is projected to jump another 53 percent in 2016.
"That's a really big problem. It's a really big problem that we focus a lot on," Currie said. "The truth of the matter is, with all these new sources of data, there are hordes of attackers going after different amounts and different parts of the data. There's different threats and a lot more breaches as a result…Higher education is no better. Of the reported PII [Personally Identifiable Information] records that were breached, there's over two million that were breached last year, and this is from a clearing house that we don't get all the higher education institutes. On top of that…they've determined that 35 percent of attacks go up to educational institutes, so they have an even bigger problem. They are at the center of that bullseye."
Currie noted that no single solution can cover all security concerns, meaning no one can guarantee an impenetrable solution. To counteract this problem, he said, digital defenses need to be built with a layered approach, like a bank's. Just as a bank uses multiple doors, security cameras, guards, vaults and lock boxes as multiple layers of defense, layering is also the best strategy for cyber security.
Jack LaPan, vice president of customer engagement at Southfield, Mich.-based Apex Digital Solutions, believes the trend of cyber-attacks in higher education will continue and may even become more rampant as data usage increases.
"I sat next to a university head in Michigan, without naming names, and they said that their networks are just so vulnerable because they have to allow all these connected devices of students to access the network," LaPan told CRN in an interview. "That's the vulnerability. Their devices aren't protected. They're consumer-grade devices. They're vulnerable."
LaPan said he comes in contact with customers in the education space that are looking for a security solution but want to get it at the lowest bid they can. He believes this illustrates a key issue: universities, like any business, need to be willing to make larger investments in robust security solutions. Otherwise, he said, you're only going to get what you pay for.
Andrew Bialock, owner of Advanced Systems Integrators, a Springfield, Mass.-based solution provider, said many schools don't take the necessary precautions, or have only just begun to take protective steps that should have been implemented four or five years ago.
"I find that most universities don't go through enough audits," he told CRN in an interview. "Most financial institutions that have that kind of credit card processing would go through auditing regularly. If they haven't done it in a while, you don't know how long it's been lax. If they've relaxed their security for a while, how long has that been? [Universities] really struggle with stuff like that."
Although much of the data generated by any school, large or small, may consist of students streaming from their Netflix accounts or their social media chatter, Bialock said there is still valuable information ripe for the plucking, including credit card information, student IDs, social security numbers, confidential school records and on-campus medical documents.
"Universities have a lot of the same concerns that a normal business would," Bialock said. "A lot of times universities are taking payments over the Web, so they have that concern. But security involves a lot of things for a college. There is intrusion. The students try to break in but they are already on the inside, so they have to protect themselves from their own membership so to speak, so that makes them very different from a business. ... Universities have that on a wide scale. Kids trying to break in, get more bandwidth, and that becomes the other problem that schools have. They're sharing a bandwidth so no matter how much they get or buy, it all gets consumed completely by Netflix or something like that. Any big school just sucks it right up."
Dr. Robert Desman, director of business development for Atlanta, Ga.-based Carceron Managed IT Services, said that many schools are learning the hard way that they need to invest greatly in security solutions, noting that today's schools are "easy," but some are more vulnerable than others.
"Do you own a fire extinguisher? Guess when you'll buy one. When you have a fire ...," he told CRN in an interview. "You don't think about that until it happens. We always engineer things to deal with the last event, not anticipating the next one."
Desman said that schools have a difficult time with breaches as they have an ever-growing demand for bandwidth due to the rising rates of devices and data, but as attackers become more innovative, schools will be forced to do the same with their defenses.
PUBLISHED JUNE 22, 2015