It’s no surprise that security is top of mind as a new year (and semester) begins for those at higher education institutions. EDUCAUSE named information security their top IT issue of 2017. TIME has predicted that this year hackers may start to use artificial intelligence to make cyberattacks even easier to execute.
So how can universities be prepared for the incoming threats? Well, knowing what these threats could be might help.
“These attacks are becoming more frequent and more significant. Even the large universities with the most justifiable infrastructure defense practices in place are not necessarily going to be able to prevent hacking,” says Sharon Pitt, CIO at Binghamton University in New York, who is a member of EDUCAUSE’s Higher Education Information Security Council Advisory Committee.
In December, Intel Security and McAfee Labs released their 2017 Threats Predictions report. While some predicted threats, like dronejacking, may not relate directly to higher ed, many of their predictions do.
The security ratings firm BitSight found that the education sector was the most impacted by ransomware last year. THE Journal reported that 13 percent of educational institutions experienced a ransomware attack in 2016, compared to 5.9 percent in government and 3.5 percent in the healthcare industry.
Intel predicted that in the second half of the year, threats from ransomware will subside. They note that initiatives like No More Ransom, a collaborative project between law enforcement and IT security companies in the United States and Europe, have worked to disrupt cybercriminal businesses with ransomware connections.
Intel also notes that more anti-ransomware technologies will be developed and released by the end of the year.
A recent survey by CampusBooks.com found that 94 percent of students own smartphones, a higher percentage than those who own laptops. Intel’s prediction that mobile malware will grow this year could have a huge impact on college campuses.
“We have so many people bringing endpoint devices into our campus network environment, and we don’t necessarily have control over that,” says Pitt. “We have required training for university employees, but that doesn’t touch the students.”
With Intel predicting the increase in credential theft and remote access tools, Pitt says that universities like hers will be relying more than ever on building awareness with their student bodies about potential risks.
Intel’s recommendation is that smartphone users only download apps from trusted sources, but notes that in 2016 malicious apps were found in the Google Play store several times. Their suggestion is an increased user awareness of threats to mobile devices.
“We build awareness with our students on social media and around campus at orientation or the student union,” says Pitt.
Intel predicts the IoT will reach 1.8 billion devices by 2019 and furthermore believes security threats to these devices will be growing quickly.
University researchers at Carnegie Mellon University, Cornell University and Stanford University are already using IoT for research.
“Our first best practice is to make sure we aren’t putting IoT devices into our environment with their default passwords,” says Pitt. “Hackers can easily take advantage of those vulnerabilities.”
As Pitt mentioned, no university can be assured that they are 100 percent secure.
“Security is an enormous challenge,” says Pitt. “We want to invite collaboration and participation in our community, but it makes it that much more challenging to protect.”
As threats to university security continue to change and grow, Pitt says they must rely on experts like EDUCAUSE to set the guidelines and best practices for the human components of cybersecurity.
“It’s a multipronged effort to respond to multiprong threats,” says Pitt. “This changes from day to day and it’s why you want to have people on your team who wake up every day thinking proactively about security.”