Trending / March 30, 2016

Hackalaureate: To What Degree Are Universities at Risk?

In days of old,
Or so I’m told,
When the Web was not invented,
You braved the cold
So to behold
A prof in flesh presenting.

Okay, so I was more than told.

A zillion years ago, when I was a grad student in Paris, there was no Web to surf, no online courses to take. Things were done in person—with pen, paper, and, as it happened, Wite-Out. I remember deciding to drop a course. I took the requisite trip to the Registrar’s office, where I watched a clerk pull a sheet of paper—the class roster—from a file cabinet. A whiff of Wite-Out later, et voila!, course dropped.

Archaic as it seems now, I can assure you I never feared for the security of my personal data.

My, How Things Have Changed!

While I’ve been labeled a Luddite for preferring the heft of a book to the convenience of a Kindle, I am also addicted to the Internet, certainly unwilling to give up modern connectivity, and have even taken an online course or two. Like many others, I’ve chosen to trade some of that old-timey security for expediency, functionality, and the ability to access information and collaborate across miles, oceans, languages, cultures.

But at what cost? Really?

The Great Brain Robbery, as reported on 60 Minutes, isn’t just occurring across the commercial sector. It’s hitting at our intellectual hearts, our universities. They’ve become prime targets. In fact, Symantec’s 2015 Internet Security Threat Report shows education as the third most breached sector, where hackers are not only looking to steal personal details and records (easily sold on the black market), but also hard-earned research and intellectual property. Of course, students and faculty are vulnerable, but what about the universities themselves? According to Ponemon Institute’s 2015 Global Cost of Data Breach Study, the average cost per lost or stolen record in education can run as high as $300. And that doesn’t even factor in a tarnished school rep.

In 2014, we all remember the infamous Sony data breach. It impacted a whopping 47,000 records. Did you know that same year at least five universities had bigger breaches? They included: Arkansas State University (with 500K records compromised); North Dakota University (300K); University of Maryland (300K); Butler University (200K); and Indiana University (146K). Multiply those numbers by $300 and, yow! That’s gotta smart.

Since then, universities have continued to make “hacked” headlines: Harvard, Berkeley, Johns Hopkins, Washington State University, University of Virginia, Penn State (my alma mater), and many more across the globe. A recent VMware study showed that one in three U.K. universities face cyber attacks on an hourly basis. In addition to personal data and research, hackers seem interested in exam and dissertation results. Also, with the UVA breach, evidence indicates it wasn’t solely a system hack, but one targeted at individuals with ties to the Defense Department. Does anyone really want to argue that nation-state actors are not going after universities, especially those with government ties?

Get Smart, Fight Smart

I think we’ve got it: Universities are treasure troves. They have what hackers want—not only tons of personal identification and financial information, but expensive, state-of-the-art research data and intellectual property that’s cheaper to steal than develop. I think we’ve also got that: Protecting proprietary information and intellectual property takes more than good patent attorneys and non-disclosure agreements. Today, with classrooms moving to chatrooms and records and research stored in file servers rather than file cabinets, it’s all about IT security.

The historic openness of university networks, which has enabled faculty and students to easily connect, collaborate, and share, has created vulnerabilities. So, too, has the fact that schools often have lean IT staffs and tight budgets, dispersed campuses and decentralized networks that complicate oversight and security, and even traffic types that can cause issues. For instance, students like video, and so universities must contend with high volumes of video streaming (e.g., Netflix, YouTube, Hulu).

So how to balance protection with the sharing and collaboration necessary to stimulate and advance education and research? To start, there’s a way to do more with less. Universities can fine-tune their existing security products to work smarter by filtering out irrelevant network traffic so that specialized security devices can spend precious compute and analysis cycles on what’s most crucial. Not only does this ease administrative and management burdens of security stacks, it can also improve overall infrastructure performance. For a blueprint of how this can be done, check out why George Washington University chose to implement Gigamon’s GigaSECURE Security Delivery Platform.

And though my nostalgic heart bleeds a little, I suppose universities really have moved beyond hiring more clerks with Wite-Out.

Back to top