Information security continues to challenge both large and small institutions alike. According to EDUCAUSE, a nonprofit association of IT leaders in higher education, information security remains the #1 issue in 2018 for the third year in a row.
Perhaps this is not a surprise when you learn the education sector has the highest rate of ransomware of all industries and the compliance environment is becoming more complex by the day. IT organizations are constantly having to adapt to new digital realities and are thus approaching the information security of the institution with even greater rigor.
But are educational institutions doing everything they can to keep pace with security threats and challenges?
It’s not easy when students are inherently tech savvy, sometimes know more than their own IT department, and are generally unconcerned about the security and well-being of the network environment. Any attempt to force students to change their behavior is difficult, despite tireless efforts on security awareness.
Is there a need to be more proactive?
Getting proactive is a viewpoint shared by the co-chairs of the Higher Education Information Security Council (HEISC). Sharon Pitt, Vice President of Information Technologies at the University of Delaware states, “We need to be more proactive in the creation of awareness training as well as our prevention, protection, and mitigation infrastructure.”
Michael Corn, Chief Information Security Officer at the University of California, San Diego commented, “We need to decide where we’re going and what our end game is. And we need to develop sustainable strategies to get there.”
However, to develop those proactive strategies, smaller institutions are thought to be struggling with prioritization. For larger organizations it could be a culture problem. “Larger institutions have a tendency for IT staff to believe that security is the responsibility of the security operations team, rather than of all members of the IT staff.”
Getting proactive in a target-rich environment
At IS Decisions, we work with a large number of education institution across the world. We see how the emphasis on security is equal, if not more so, to corporate counterparts. But then there’s the weakest link in every organization’s security chain – the user.
Regular businesses already struggle to get intelligent, adult users to pay attention and make security a priority by being aware of phishing scams, not using unsanctioned cloud services, etc. So when it comes to protecting a base of student users – who can range from the completely innocent to the absolutely sinister – and which the majority are definitely not thinking about keeping the network secure – it’s what’s known in the military as a target-rich environment.
The academic environment is also very different to the workplace environment. The culture of education promotes the freedom to exchange ideas and access information instantly for the benefit of learning. Any security measure put in place needs to facilitate both security and productivity.
But against these challenges, one area both large and small education institutions have seen success with is managing logons.
So why should institutions care about logons?
- Logons are the common denominator in all cyber-attacks on school and university networks — whether it’s a student hacking into systems using a stolen teacher’s password, or a teacher up to no good, or even an external attacker using stolen credentials
- Logon management provides the earliest of warning signs to attacks
- Logon management limits false positives
- Logon management can actually stop attacks — unlike other cybersecurity measures, which only notify the IT department of a breach (by which point the damage is often done)
There is no doubt that IT organizations in the Education sector need a proactive security strategy. They need to be able to identify when any kind of threat actor tries to hit without obstructing the abilities of faculty, staff, and students. The logon is a leading attack indicator that no malicious insider or external threat can get around.
Only Logon Management allows the process of educating to continue as normal, but with the scrutiny and control necessary to automatically shut down suspicious activity at the point of entry.
