Cyber Security: Higher Education’s Highest Risk
For the third year running, cyber security has topped the risk registers of higher education institutions, before financial sustainability, student...
For the third year running, cyber security has topped the risk registers of higher education institutions, before financial sustainability, student experience or infrastructure.
This is not surprising, considering more than 90% of UK organizations say they have experienced greater exposure to cyber risk due to increased digitization in the last 2-3 years. And higher education institutions have had to digitize like no one else. The pandemic pushed universities and colleges around the world to “get online and keep the lights on” almost overnight. Some of the IT systems set up during the COVID rush are still running, with many colleges and universities still playing catchup in creating a better online experience.
As a result, (and also due to increased cyber warfare) the number of cyber-attacks (ransomware and data breaches) between 2021-22 and 2022-23 has significantly increased (by 258%). The UK has reported suspiciously low numbers of attacks over this period, when in fact a Times Higher Education survey reports cyber-attacks on UK universities occur weekly. Are higher education institutions coping silently with ransomware attacks to avoid reputational damage and further vulnerability to more attacks?
Cyber-attacks cost money, trust, reputation and cause liability.
In the current climate of political and funding pressures, culture wars and partisanship, colleges and universities can be targeted by malicious attacks from multiple sources: current or former students, political groups, foreign state interference, and so many others.
Whilst most cyber-attacks are caused by financial gain, not all cyber crime is made equal. Higher education institutions hold unique intellectual property, confidential research and commercialization agreements that give them and their people a unique competitive advantage.
Think of the COVID vaccines, new discoveries in technology, neuroscience, medicine and so many other fields – many of them have been conceived in college and university labs. A cyber-attack can steal, leak, block access or entirely remove this hard work, now that everything is stored online.
Because institutions are becoming faster and more adept at identifying and stopping these attacks, intruders act fast, and end up sweeping entire servers and databases to gain access to as much information as possible. This can include staff and student identity data and documents, medical records, payroll or academic records, in addition to research and other intellectual property.
The impact of cyber crime depends on the culprit, but institutions are right in assuming worst case scenarios in each instance.
In what was dubbed at the time as “the biggest hack in Australian history”, the attack on one of Australia’s largest telco caused chaos. It led to sensitive information being shared on the black market and millions of people having to replace their credit cards, passports and driving licenses.
Identity theft, private and confidential information disclosure, the ability to continue studying or working are just some of the side effects for students and staff. If their work or academic records have been erased with no back-up, this can cause immense stress and disruption.
According to a report from IBM, the average data breach in the higher education and training sector cost $3.7 million in 2023, whilst another states the education sector lost $53 billion over 5 years (2018 to 2023) worldwide in downtime alone. Lawsuits often follow large data breaches and can hike their costs significantly. The University of California was subject to several class action lawsuits, and ended up paying out over $7.5m to victims, after paying $1.14 million to hackers as ransom.
The reputational risks and the loss of institutional trust are much harder to quantify, and for smaller institutions with limited financial resources, this could be the nail in the coffin, as was the case for Lincoln College in Illinois.
“As cybersecurity attacks become more sophisticated, user education must try to keep pace. Removing the stigma or embarrassment from reporting a phishing attack to your IT or cybersecurity department is crucial to gaining trust with your user community.” States Joe Potchanant, director of the cybersecurity and privacy program at EDUCAUSE, in an interview with EdTech Magazine.
Clear and regular communications about the many ways students and staff could be targeted and a clear and easy to activate protocol in case of suspected phishing or malware attacks are vital.
If cyber security is the top risk for higher education, then IT departments, IT infrastructure resilience and their funding should also be high on the priority list. Except, it’s not quite the case: IT share of budget is around 4% on average.
IT departments are the engine room of universities and colleges, but they haven’t quite gained the recognition they deserve. The talent gap determined by the inability of the sector to compete with commercial institutions on compensation and flexibility, among other things, is adding pressure on existing employees.
IT departments have many plates to spin, but their main priority is to keep students online, to deliver their core functions: access to the knowledge and the tools to deliver courses on campus. Many institutions have extended this access to student devices, through app visualization or virtual desktop infrastructure (VDI). And the more complex the IT infrastructure, the harder it can be to maintain. And the more exposed it is to vulnerabilities and threats.
When Middlesex University adopted the AppsAnywhere technology in 2019, they were delivering around 100 applications to over 4000 computers across campus. Most apps were installed manually on each machine, which caused several issues, including low device performance and a never-ending catchup game on software security compliance.
Now in its fifth year using AppsAnywhere software delivery, the team have doubled the number of applications and significantly increased the number of devices they are being delivered to, through a robust BYOD (bring your own device) strategy.
Whilst this could have exposed the infrastructure to cyber-attacks, it actually allowed them a better control over how applications are accessed by students and staff. It enabled more regular updates of security patches and maintaining a lean management of active users with minimum down time.
“Every summer we would spend weeks reimaging and updating every device on campus. Now with AppsAnywhere it takes literally minutes. This has freed our team to do much more exciting work and we invest our time in improving processes and strengthening on cyber security” stated Roger Fox, Operations Group Manager, Computing Communications Systems Service (CCSS) at Middlesex University.
Cyber security has long been considered the problem of IT leaders, but when it reaches the top of institutions’ risk register, it becomes the priority of Presidents and Board members. Leaders need to get granular in their understanding of how cyber security affects their institutions at strategic level and make bold decisions to invest in innovations that will protect institutions and their students.
Sign up to our newsletter.
AppsAnywhere is a global education technology solution provider that challenges the notion that application access, delivery, and management must be complex and costly. AppsAnywhere is the only platform to reduce the technical barriers associated with hybrid teaching and learning, BYOD, and complex software applications, and deliver a seamless digital end-user experience for students and staff. Used by over 3 million students across 300+ institutions in 22 countries, AppsAnywhere is uniquely designed for education and continues to innovate in partnership with the education community and the evolving needs and expectations of students and faculty.
Register your interest for a demo and see how AppsAnywhere can help your institution. Receive a free consultation of your existing education software strategy and technologies, an overview of AppsAnywhere's main features and how they benefit students, faculty and IT, and get insight into the AppsAnywhere journey and post launch partnership support.
Register your interest for a demo and see how AppsAnywhere can help your institution. Receive a free consultation of your existing education software strategy and technologies, an overview of AppsAnywhere's main features and how they benefit students, faculty and IT, and get insight into the AppsAnywhere journey and post launch partnership support.