Colleges and universities are prime targets for cyber attackers. From the large volumes of PII to medical and research data; higher education institutions are a gold mine for bad actors. The pandemic also added new attack vectors as institutions turned to remote and hybrid learning environments. CISOs, CTOs, and IT teams within higher education have a very challenging task when it comes to cybersecurity and data protection. With open networks, diverse user types, and limited resources, what can colleges and universities do to enhance protection? Listen to this podcast for tips on how to develop a cybersecurity risk management plan for your institution.
Host: James Hilliard
Guests:
- Bobby Sears, Senior Vertical Alliances Manager, Higher Education at Connection
- Steve Nardone, Senior Director of Security and Network Solutions at Connection
- Tim Allen, Director of Operations and Technology at Connection
Show Notes:
[1:25] Universities and colleges are seeing an increasing number of cyberattacks due to their data-rich networks. There is recognition among the industry that data governance policies are needed to protect PII. Now is the time to reset plans to mitigate cyber risks.
[7:13] Approximately 74% of ransomware attacks launched in higher education are successful. Access to networks need to remain open to support learning environments, but institutions struggle with limiting access and identifying bad actors. Many institutions are paying out ransoms but not getting all their data back in return. Data backup systems and processes can be put into place but that is a reactive solution.
[10:42] Private universities typically have stronger cybersecurity programs in place whereas some universities must make some tough decisions when it comes to budgeting. The good news is that any improvement is better than not doing anything at all and there are ways to prioritize the areas of greatest risks.
[15:03] Managed capabilities can help stop attacks before they happen. There needs to be constant monitoring of the network to look for suspicious activity. Universities and colleges should also implement network segmentation to make sure the most critical data is protected with stricter access controls.
[17:56] Because institutions are being attacked regularly, implementing a Zero Trust approach can greatly benefit. Conduct third-party penetration testing to find vulnerable points of access.
[22:42] There aren’t enough cybersecurity experts in the industry. Leverage students enrolled in cybersecurity programs to help nurture their professional development. Have them conduct pen testing.
[24:00] Set a risk baseline and develop a roadmap for the future. Include your networks, business continuity and disaster recovery plans, edge security, and identity access control. This will also help you prioritize your risks and limited resources.
[29:00] Cyber risk management is top of mind for many colleges and universities. There’s lots of opportunities to strengthen your cybersecurity program. Connection can support you wherever you are on your journey, including conducting a Security Landscape Optimization assessment to get your team started.
Visit our Cybersecurity Awareness Month webpage for more resources. You can also hear us on Apple Podcasts, Amazon Music, Spotify, or Podbean.