Protecting Universities in Today’s Cyber Threatscape
At a time when organisations across all industries are on high alert for the risk of cyberattacks, it’s no surprise that digital security is a key priority for educational institutions worldwide. The intricate mix of on- and off- campus students and staff, university and user-owned devices means these organisations have one of the most complex IT environments around, which is extremely difficult to protect from security threats.
Therefore, it isn’t surprising to see that a recent Jisc report reveals a 10% increase, since 2017, in universities with dedicated cybersecurity leaders, showing their desire for improvement in this area.
That being said, these institutions can still implement additional measures to ensure their cybersecurity strategy is robust enough to mitigate the ever-evolving risks brought about by the digital era.
Below are three key areas of cybersecurity universities should focus on:
Patching the Weak Spots
It’s no secret that cybercriminals are becoming more and more skilled – for example, the average time it takes them to exploit vulnerabilities is decreasing, making it challenging for organisations to remediate in such tight timeframes. Interestingly, Gartner has predicted that, by 2022, 90% of vulnerabilities exploited will be those known to the business. This may be because, although staff are aware of these system weaknesses, they aren’t always around to promptly react to attacks: 67% of IT university workers aren’t available 27/4 to respond to security incidents.
The situation is made more critical by the absence of suitable technology to ensure around-the-clock protection – in fact, only 28% of universities implemented a Security Information and Event Management System (SIEM). So, while HE organisations are more likely to report security incidents than those in further education, whether they actually respond to these incidents is up to the good will and dedication of security staff – of which there is a shortage.
To ensure an effective and constant defence against cyberattacks, universities need to up the ante on the patching front. Modern patching solutions not only provide protection from malware and other threats, they also help garner valuable insights. For example, Ivanti Patching Intelligence provides metrics that help staff understand risks, creating a simple view of what patches are required, driving more informed patching decisions.
Controlling Access and Applications
Within any organisation, ensuring users are able to access the necessary resources to do their work is vital. This is particularly true in universities, where technical difficulties can hinder students’ ability to complete coursework, meet deadlines, and make full use of services they pay significant fees for.
For security reasons, some universities require students to go through long and tedious processes to gain crucial access privileges – sometimes having to wait days before their request is fulfilled. Furthermore, some institutions forget to revoke access rights from student or staff members who have left the organisation, meaning they can still view sensitive information and utilise private servers.
Modern identity management solutions, such as Ivanti’s Service Manager, are able to automate the entire access provision process, empowering students to request and obtain privileges within 40 seconds. The access is then automatically revoked after a set period of time. It’s clear how this approach not only allows users to be work efficiently, but also enhances the organisation’s security.
Keeping on top of trusted and untrusted applications is also vital – though it’s easier said than done. Disabling potentially dangerous applications may be possible for businesses, where employees are expected to only use company resources to do their job. But staff and students, who are largely based on campus, also use university networks for non-work-related matters. Thankfully, this aspect, too, can be regulated with technology. Ivanti Application Manager can independently identify unsecure applications and prevent them from running. In this regard, inventory is key. Universities must have clear visibility of what devices and softwares are utilised within their network, in order to effectively manage and protect them.
Preventing Social Engineering Attacks
To protect universities from cyberattacks, relying solely on latest-generation security technology is not enough. Educating staff and students to identify threats and handle them appropriately is just as important.
Cybercriminals often employ social engineering attacks, disguised as innocuous emails, for example, inviting unwitting users to click through fraudulent links and download viruses. The Jisc report mentioned above indicates phishing as one of the top threats experienced within higher education. Therefore, educational institutions should work to keep students, teachers and all other employees up to date on new cyberattack trends – so that they are constantly alert and avoid exposing the organisation to risks of this kind. Interestingly, 48% of universities leverage phishing simulations to train users to detect and correctly respond to suspicious emails.
University networks are navigated by a multitude of users across all ages, some more tech-savvy than others. That’s why phishing awareness and defence should be a core aspect of a sound security strategy.
Institutions in higher education have incredibly complex IT infrastructures and defending them from today’s digital threats is no easy feat. However, with the right technology and the right mindset, these organisations can navigate today’s cyber minefield and ensure effective protection.
Find out more about how Ivanti can help protect your university IT environment here.