While students flock to universities, community colleges and other higher learning institutions to continue their education, these same institutions are rapidly learning a lesson of their own: Cyber security in schools, specifically in higher education and universities, is one of the top issues facing education leaders today.
Cyber security in schools: Why it is a problem
One of the first use cases for the internet was to connect educational institutions. Today, higher education thrives on online access. From connecting departments and colleagues to each other and other institutions to powering internet-connected printers to feeding students’ insatiable hunger for bandwidth, higher education institutions are as connected as you can get. In addition, online classes continue to grow in popularity, while the pandemic meant that most institutions conducted the bulk of their operations completely online for months or more at a time.
As a result, issues surrounding cyber security in education, specifically higher education and universities, are prevalent. According to Verizon’s 2021 Data Breach Investigations Report, cyber attacks in schools led to 1,332 security incidents over the last year, resulting in 344 breaches. This made the education industry the sixth most attacked industry studied in the report.
The rapid switch to online classes during the pandemic provided opportunities for cyber criminals to use social engineering tactics on students to instigate fraudulent fund transfers. In addition, the misconfiguration of databases challenged cyber security in schools by allowing hackers to install ransomware or other malware.
Cyber attacks in schools: Solving security issues in higher education and universities with a cyber security framework
To overcome the significant issues of cyber security in education and ensuring data security, leveraging a cyber security framework to optimize your security efforts is critical to help minimize cyber attacks in schools. This framework can help you implement the best cyber security practices as they pertain to security issues in higher education and universities, which can be vast and varied.
When examining the issue of cyber security in schools and how to better protect colleges and universities, several considerations need to be taken into account. Some institutions, for example, are the size of small cities. They often provide everything from retail to healthcare to housing for students, and they may conduct sensitive government-funded research and development. Financial data, personal data and proprietary research data are spread across each department, all of which often operate independently. In addition, many universities are still in the early stages of their digital transformations and continue to rely on on-premise, legacy applications that may be less secure than cloud-based solutions.
Your framework can incorporate all those considerations to create an approach that allows you to continuously evaluate and improve your cyber security. By creating and using a framework, you can break your cyber security issues into manageable chunks, so you can then prioritize based on need, return on investment and issues like meeting government compliance.
To help address cyber attacks in schools, the National Institute of Standards and Technology provides a cyber security framework that higher education institutions can use to help address security issues. The framework consists of five concurrent, continuous functions:
- Identify: Develop an understanding of your entire cyber security risks, such as systems, people, assets, data and capabilities.
- Protect: Define and implement the safeguards required to prevent attacks and ensure the delivery of critical services.
- Detect: Define your approach for identifying a cyber security incident or breach.
- Respond: Define your approach for stopping and containing the damage from an attack.
- Recover: Define your plan for restoring capabilities once a breach has been contained.
Putting a cyber security maturity model to work
A cyber security framework gives you a written set of instructions and standards for how to prevent, respond to and remediate an incident. The framework allows you to respond effectively in the event of a breach instead of trying to figure things out as you go. However, creating a framework from scratch for cyber security in schools can be a time-consuming, complex endeavor involving hundreds of stakeholders. And you have to ensure it’s shared and communicated across the organization so everyone knows their responsibility.
For true data security in higher education, a maturity model is crucial. Once you define your framework, a maturity model can tell you how well your institution is meeting its goals. By scoring your cyber security maturity, you can determine your current state, communicate your goals for a more mature state, and identify the tasks or capabilities required to help reach your desired level. This ensures everyone is working from the same playbook and taking action with the same goal in mind: preventing cyber attacks in schools.
A third-party security partner can help leaders improve cyber security in education by developing and executing a cyber security framework using best practices collected from across industries that are honed to help strengthen cyber security in schools, including in higher education. In addition, a security partner can provide an evidence-based risk management program that tells you exactly where you are in your cyber security maturity journey, along with the steps you need to meet your maturity goals.
For more insights into how to help minimize cyber attacks in schools and improve cyber security in education, read Verizon’s 2021 Data Breach Investigations Report.
The author of this content is a paid contributor for Verizon.