Colleges and universities are places for research, learning, growth, and collaboration — but the nature of these organizations inherently leaves them vulnerable to cyber risk. Last year, 79% of higher education institutions were hit by ransomware – and because there can be a stigma around reporting, these numbers may not even be all-encompassing.
Why are educational institutions being targeted by cyber criminals? Center for Internet Security Director TJ Sayers tells Forbes that it’s because schools not only have access to student data and administrative records, they also have a wealth of parent data like Social Security numbers and credit card information – a treasure trove for bad actors.
Keep reading to learn the challenges IT and security teams at higher education institutions are facing, and steps they can take to build cyber resilience to ensure business continuity in times of duress.
The IT and security challenges facing schools today
The scale and number of cyber attacks increased during COVID-19 as more schools moved to remote learning and deepened their reliance on IT services, says the U.S. Government Accountability Office.
And in this increasingly virtual learning environment, when a school does experience a cyber attack, the subsequent loss of learning ranges from three days to three weeks. This means recovery time could take anywhere from two to nine months – which is valuable time students and educators can’t afford to lose.
On top of that, advances in AI make it even easier to carry out highly personalized and unique attacks on schools – so much so that it’s been recommended that every school should have a CISO to ensure that they’re effectively protecting student data and promoting the continuity of education.
This shift isn’t the only factor adding additional complexity when it comes to the cybersecurity of schools. Outdated and legacy IT systems can make schools susceptible to cyberattacks, especially if they’re lacking necessary security updates and patches.
And if a district or university is experiencing budget constraints – these necessary updates are likely getting pushed out even further. This can make it even more challenging to meet and maintain different compliance standards. Many of the existing standards and required cybersecurity controls for the industry vary from state to state, forcing vendors to understand a complex patchwork of regulations, according to Steve Smith, executive director of the Access 4 Learning Community.
Additionally, security leaders in the education sector must manage a changing user base annually. Imagine the challenge of leading the security strategy of a company where thousands of users experience 100% turnover each summer. With so much extra complexity, the time for building cyber resilience is now.
How schools can build cyber resilience
Building cyber resilience takes time. But one way security professionals in the education sector can get started is by focusing on building a strong foundation for their security program — which boils down to knowing exactly what exists in your environments across districts or colleges. When it comes to gaining comprehensive visibility into your complex environment, a cyber asset attack surface management (CAASM) solution like Axonius can help.
Axonius is a single, unified platform that becomes the system of record for your entire digital infrastructure and unifies data across buildings and campuses — providing complete visibility into all assets, along with a better understanding of their security state.
In fact, Texas A&M University gained just that by leveraging Axonius Cybersecurity Asset Management. In addition to achieving real-time visibility, the university is able to maintain an accurate asset inventory, and gain insight into huge amounts of sensitive data. Now able to close security gaps across colleges, the IT team has a better understanding of its architecture than ever before and can take proactive steps to mitigate issues, vulnerabilities, and problems. And if you’d like to learn more about how Texas A&M University gained insight and clarity with Axonius, you can read the case study here.
