The Cyber Security Imperative for Higher Education
Colleges and universities are potentially at the center of a “perfect cyber security storm” due to the ecosystem in which they function – the combination of complex and often decentralized information technology environments they manage; the open social and academic models under which they operate; the significant proprietary and confidential information they hold; and the funded research they conduct for corporations and institutions.
Colleges and universities may have cyber Achilles heels based on common collegiate vulnerabilities and, as important, may inadvertently become the gateway through which great damage is done to the industrial/educational compact played out at institutions doing significant research under contract. Should higher educational institutions be breached, significant personally identifiable information (PII), protected health information (PHI) and corporate sponsored research data are at stake. As the frequency and severity of high profile cyber attacks escalate in the private sector, as third party experts offer enhanced protection methodologies, and as federal and state government agencies impose stricter cyber security regulations, major universities risk falling behind the cyber security preparedness curve. In this article, the authors provide insights and guidelines that help move higher education institutions toward more robust and mature cyber security capabilities.
With their large and often fragmented repositories of high value PII, PHI and databases containing research data, institutions of higher education are at risk of cyber attacks from bad actors globally. Such attacks could be immensely damaging, affecting not only the direct interests of colleges and their populations but also impacting their corporate patrons and putting high value sponsored research at risk. If an attacker’s target is a major pharmaceutical, defense, medical or financial company, the attackers’ assumptions about the path of least resistance may lead them to launch their attack by targeting a major university under contract with these targets.