A recently published report by Infoblox Inc. discovered that over 80% of IT professionals working at higher learning institutions find securing campus networks to be more of a challenge every year.
The report (Defending Networks at Higher Learning Institutions – Heroes Needed) gathered information from more than 600 students and employees at educational organizations across the USA and Europe.
So why are Colleges so susceptible to insider threats and what should IT and security professionals be on the lookout for?
Bring Your Own Devices
The growing trend of BYOD (Bring Your Own Device) is seeing a huge number of devices being connected to College networks every day. This number is increasing year on year as students are bringing more devices onto campus, including laptops, smartphones, tablets, smartwatches, and gaming consoles. In fact, the survey found that, on average, each student has four or more devices connected to the network.
With a larger number of connected devices present each year, it becomes increasingly difficult to locate and control the use of data being transmitted, stored, and processed – which can present huge compliance problems.
Unsecured devices connecting to the network can also increase the risks of a data breach, and data loss through the loss of connected devices is also a threat. There are numerous other issues with BYOD that present challenges to Colleges, many of which can be found with a quick Google search.
Insiders Presenting the Biggest Threat
Organizations often spend large amounts of money building protective walls around their network and endpoints. But this approach is back to front. The first port of call, in terms of your IT security, should be the data. After all, it’s no good locking the doors and windows if the burglar already has the key.
This is particularly relevant to the Education sector, as 48% of those surveyed suggested that insider threats presented the biggest threat to their cyber-security. The majority of IT staff in the surveyed organizations indicated that a quarter of all devices students brought with them were already infected with some sort of malware and that a third of students knew of another student who had attempted to breach the campus network.
By far the best way to address insider threats is to ensure you have an easy way of auditing, monitoring, and alerting on your user behavior, as well as being able to locate where your sensitive data is and who has access to it. To do this, you will need to deploy what’s known as a Data-Centric Audit and Protection Solution.
Lack of Cyber-Security Awareness and Best Practices
In spite of the increasing frequency and severity of cyber-attacks that we are seeing year on year, organizations (and especially those in the education sector) are still woefully underprepared.
In the last two years, 60% of those surveyed had not made any updates to their network security, including not having made changes to their key passwords. This is a significant problem that is common across all industries; cyber-security threats are evolving at a pace that organizations are simply not keeping up with.
A disheartening lack of cyber-security education is present across the board, from students to staff at many educational institutions, which then leads to poor cyber-security practices and an increased risk of data breaches.
How can educational institutions expect to properly protect the personal data of their students and staff if they are failing to get the tools and training they need to stay ahead of the cyber-security threats? Something has to change.