Lone-wolf hacker groups creating nuisance hacking tools in the basement have been replaced by sophisticated data-breach criminals as the top cybersecurity threat to universities. Hackers today are working around the clock to steal sensitive research, intellectual property, and personal information, costing universities millions of dollars and damaging their reputation in the process.
The landscape of who the criminals are has changed dramatically. It’s not the ’80s hobbyists targeting systems for bragging rights; universities are facing criminals coming after sensitive information and resources that have tangible virtual and financial worth attached to them.
According to the Director of Indiana University for Applied Cybersecurity Research Fred Cate, higher education is vulnerable because – in contrast to stealing information from targets such as financial institutions – university computer networks have featured relaxed security rules historically and have been as inviting as their campuses.
This is because these universities want their donors, alumni, students, prospects and faculty to connect with them pretty easily.
But the current state of network security is putting personal information at risk. Just recently, Butler University warned 160,000 of its staff, students, alumni and faculty that hackers may have accessed their personal information. The Indianapolis institution learned about the breach when officials from California contacted them the previous month to inform they have taken an identity theft suspect under custody; the thief had a flash drive with information about Butler’s employees on it.
Michael Kaltenmark, speaking for Butler, said that university officials determined the exposed data included bank account information, social security numbers and the birth dates of more than 163,000 students, alumni, staff, faculty, and even prospective students who never enrolled in classes.
Kaltenmark suspects remote hacking as the arrested individual has no affiliation with the university.
Data breaches in universities can cost institutes $111 on average per record. According to a Ponemon Institute study in 2013, this figure calculates the damage to the college’s reputation.
Founder and Chairman of Ponemon, Larry Ponemon informs us that there are a lot of breaches in universities that go undetected, more than in other sections such as retail and finance. That is because universities are not aware of data leakage and its potential consequences. It can cost them millions of dollars.
While universities are at a risk from a financial standpoint, the biggest concern for their IT departments is to do everything they can to answer cyber risks questions and to come up with policies that mitigate breaches along with providing support for those who are affected by potential data exposure.
Data breach safety at a lower cost
Data breach insurance is both hard to get and costly. The insurance companies offering this sort of protection usually have a checklist of what universities need in place with their existing security practices.
Usually educational institutes need to have a strong security posture because they can even be allowed to opt for insurance. That is why colleges need to build in-house forensics best practices, and establish channels through which they can reach out and get help quickly should a breach occur.
A way to keep costs low can be having standing contracts with service companies that can be accessed on incident-by-incident bases.
The other security measures that can be taken include establishing of data security policies which students, staff, alumni and anyone else accessing the network should be required to adhere to.
For example, these individuals should be informed about data breach phishing scams – no one will ask for their social security number via email or phone.