Protecting the Gateway to Knowledge – Inside and Out
September marked the start of a new academic year and with it I noticed the increasing mass of students navigating their way to school, college or university. For students, this brings the chance to catch-up with friends and settle in to their new environment. For educational institutions, it can bring apprehension and anticipation–rooted in the pressure of managing IT infrastructure and security.
While it may seem logical for organisations to dedicate enormous funds to in-bound cyber-threats, only 60 percent of breaches involve external actors. We’ve all heard stories of threats from within, such as the colleague who unwittingly circulated malicious data, bringing the network to a halt. But, if you think that this is as big as the issue gets, think again.
The very nature of a university means that implementing a successful cybersecurity strategy can be a tall order. There is no one size fits all approach as there are dramatic differences between the needs of each department, student and staff member. For an office, devices and their respective patch status can be effectively managed with the right strategy, but this is not the case for educational institutions. It’s impossible to force students to use a particular operating system, device manufacturer or version on their countless personal devices.
Time of year is also a factor when considering cybersecurity. A report identified that there is a spike in activity during term-time with staff or students often as the culprits, rather than external hackers. One university was subject to a four-day cyberattack, caused by a student who was targeted whilst gaming online in university accommodation.
Beyond this, there is also the threat from disgruntled staff and students who may wish to disrupt the server by overloading it with requests – often using distributed denial of service (DDoS) attacks which don’t require much technical knowhow and can be purchased quite cheaply online. The aim is not to steal data or infect a network with malware, but may be used more maliciously. For example, to make it impossible to submit coursework on deadline day.
In the battle against insider threats, institutions may be inclined to adopt a policy of monitoring and regulating network activity or a zero-trust network architecture. However, this approach is more suited to a business than a university. After all, students pay for digital liberties through tuition fees and so restriction would be unfair. Instead, a system should be considered that is secure enough to protect the network while also catering to the diversity of devices and activities.
One solution that is proving successful across universities, including The University of Cambridge, is the unification of various IT support divisions into one centralised service. This unified University Information Services (UIS) department provides cohesive IT support to tens of thousands of students and staff. With a singular IT entity, universities will have a complete overview of their network activity, making securing the system from within more manageable.
As technology advances, cyber threats continue to cause havoc and hackers become increasingly sophisticated. It’s easy for IT to snowball into a mammoth headache although, by consolidating various departments into one, this issue can be overcome. For educational institutions, this means they can control questionable activity and improve efficiencies without restricting access for staff and students who rely on the network for their work and entertainment.