Dec 17 2020

4 Ways to Reduce Risk in Higher Ed IT in 2021

Focus on cloud computing and other key areas that may have shifted in recent months.

Not surprisingly, security continues to be a top priority for CIOs in 2021, according to Gartner. A survey of technology leaders by the research firm shows they understand that the threat landscape is constantly evolving and that they need to be prepared.

To provide guidance on current and future threats, security solutions provider FireEye recently released a report, “A Global Reset: Cyber Security Predictions 2021,” in which the authors agree with Gartner’s assessment.

“Threat actors will continue to attack without any regard for the challenges faced by their targets,” according the FireEye report. “This means organizations will continue to be breached, resulting in business disruptions, data compromise, reputational harm, and almost always a financial loss.”

What does this mean for higher education? Here are four areas where IT departments can be better prepared.

1. Support Cloud Expansions with Dedicated Security

Higher education institutions increasingly turned to the cloud in 2020. Earlier this year, Damian Doyle, assistant vice president for enterprise infrastructure solutions at the University of Maryland, Baltimore County, told EdTech, “I think [the pandemic] has done in a period of weeks and months what would have taken years and decades, in terms of adoption.”

Leapfrogging into the cloud brought speed and agility, but also broadened institutions’ attack surfaces. IT leaders need to ensure that the right security protocols are in place to support a cloud-based environment.

According to FireEye, these include:

  • An updated access and identity management (AIM) system: Ensure the right people have access to the right information and applications.
  • Full and accurate tracking of cloud assets: Accomplish this, if needed, with help from cloud security posture management tools that can detect risky misconfigurations.
  • Clarity and communication with providers: IT teams need to know exactly which security elements the cloud provider manages and which elements the university needs to address.

2. Work With Tech Partners to Monitor the Larger Ecosystem

In its “2020 Cyber Threatscape Report,” Accenture points out that many threats — up to 40 percent — originate outside of the organizations that eventually get targeted. One of the largest attacks of all time, the NotPetya attack, began as an assault on a Ukrainian company and spread worldwide through the supply chain.

Understanding and combatting these supply chain threats takes a lot of work, particularly for a single institution working alone. The Wall Street Journal recommends mapping out partners, vendors and software suppliers and collaborating to close security gaps.

3. Consider Security Partnerships with Other Industries

Fighting cybercrime takes teamwork, but IT and security teams don’t always have optimal collaboration. A joint report by VMware Carbon Black and Forrester Research notes that that nearly 78 percent of IT leaders reported a negative relationship between IT and security departments.

Fortunately, the same report notes that mending these rifts was a priority among IT professionals. Additionally, organizations such as OmniSOC and the Northeast Ohio CyberConsortium are creating partnerships within and beyond higher education to help institutions detect and mitigate bad actors together.

RELATED: Should purple teams be part of your defense strategy?

4. Get Ready for Ransomware Before an Attack Happens

FireEye’s 2021 predictions focus on ransomware and its rapid growth. Not only are the variety and frequency of ransomware increasing, but attackers are getting into the cloud-based application game as well, offering other criminals Ransomware as a Service attacks.

FireEye recommends that institutions segment networks, have secured backup plans and involve key stakeholders, such as nontechnology university leaders, as they prepare for a potential ransomware incident.

Getty Images/gorodenkoff