When EDUCAUSE unveiled its 2017 Top 10 IT Issues, it came as little surprise that security again topped the list. Higher education faces a confluence of risk factors around cybersecurity, and the resulting threat is a force to be reckoned with. These factors include a gradually improving defensive posture that historically has been weaker than in other industries; valuable assets such as financial information and intellectual property; a proliferation of connected devices; and an extremely diverse — compared to the business world — set of users to educate and enlist in proactive security strategies. On top of that, institutions face a sophisticated array of threats that just keeps growing.
Symantec’s 2016 Internet Security Threat Report notes several recent developments that are worth paying attention to. The scale of attacks is getting bigger, which means more individual records are being compromised. Certain types of attacks are increasing dramatically: spear phishing campaigns and ransomware jumped 55 percent and 35 percent, respectively, in 2015. And here’s an important fact: Small organizations are not exempt from being a target.
Because of all this, it’s no surprise that security solutions are prime areas for investment at many institutions. In a survey of higher education CIOs conducted by the Leadership Board for CIOs, 30 percent said that security would be their top technology investment in the next five years.
Two emerging technologies are about to make IT’s security mission even harder: artificial intelligence and the Internet of Things. In some ways, these feel like points on a distant horizon, but the fact is, they’re already here. The applications we see now are just the beginning.
Time magazine predicts that, in the future, hackers will start to use AI to launch automated cyberattacks faster and more efficiently. AI promises an intriguing array of positive benefits, of course, and some experts believe AI is poised for takeoff. But we need to be mindful of the potentially negative consequences too. According to Time’s report, some experts believe hackers have been experimenting with AI for the last few years.
The IoT falls on a similar spectrum, with incredible benefits on one side and unprecedented threats on the other. Connected devices represent vastly more entryways into campus networks. Some of the devices we least suspect — say, networked printers — have already become conduits for hackers. The more devices we connect, the more vulnerabilities we create.
It’s also worth mentioning that, even though we may focus most of our concern on digital infiltration, we still need to protect against threats in the physical world. Case in point: At the University of Iowa last year, an individual attached a physical device to computers in a lab, stole log-in credentials from about 250 faculty, staff and students, and then used those to change student grades.
One attribute of the security landscape has become permanent: the reality of constant change. Gone are the days when IT experts could identify a finite set of threats, shore up their systems against them and move on to another task. New threats emerge perpetually — consider ransomware, for example. In early January, Los Angeles Valley College paid $28,000 in bitcoin to hackers who had taken control of certain computer systems. This form of attack represented $1 billion in losses in 2016, a figure the FBI expects to double this year.
Today, maintaining a sufficient defense posture is an ongoing activity. It requires constant vigilance, a commitment to keep technology solutions up to date and the agility to adapt to changes in the threat landscape. Smart institutions have already begun to prepare for new vulnerabilities that will accompany the IoT and artificial intelligence. The savviest institutions are also vigilant to the distant horizon and the threats — still unknown — that will emerge in the future.
This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.