Oct 04 2022

3 Shifts Driving the Need for Improved Incident Response in Higher Education

Worsening threats, new cyber insurance mandates and changes to higher education infrastructure create security challenges incident response can help solve.

For higher education institutions squaring off against today’s sophisticated cybercriminals, the stakes are high: A successful breach can result in potential disruptions to student success; loss of private student, faculty and research data; reputational damage; and even the risk of legal action.

Incident response programs help mitigate the impact of such events by enabling higher education institutions providers to act swiftly and thoroughly in the likely event of a compromise. Many organizations already recognize the value of such a program, but in this global threat landscape, there is no such thing as being too prepared.

LOCK DOWN YOUR DATA: Explore processes, solutions and services for strengthening your incident response program.

Here are three important reasons you should consider adopting or expanding your incident response plans this year:

1. Ransomware Attackers Move Swiftly Once Inside Your Network

According to the cybersecurity website Dark Reading, median dwell time for all cyber incidents fell from 56 days to 24 days between 2020 and 2021. Although the drop is in part driven by organizations’ growing adeptness at detecting threats, the larger truth is much darker: Overall dwell time has decreased so significantly because today’s ransomware sits on the network for a median of just five days before locking organizations out of their systems.

“It’s going so quickly, so stealthily, that we don’t even have as much time to catch inconsistencies before we’re already locked down,” says Mikela Lea, a CDW field solution architect focused on security assessments.

NCSAM visual sidebar graphic

The reduced time from system infiltration to the arrival of ransomware demands makes it even more critical that IT teams have a plan in place for responding to incidents the moment an inconsistency is detected. That’s especially true in higher education: Sophos’s “The State of Ransomware 2022” report notes that 64 percent of higher ed respondents were hit by ransomware in 2021.

2. New Mandates Make Incident Response a Wider Priority

Cybersecurity insurance policies can reduce the financial impact of a security incident in higher education. However, with the ever-growing threat of ransomware and other attacks, insurance companies have become less willing to foot the bill for customers that aren’t taking precautions.

This reluctance can lead to one of two outcomes for organizations: Their insurance companies may not provide coverage without certain proactive measures in place, or their premiums may go up.

For some organizations, those consequences have drawn the attention of finance departments or other upper-level executives who had previously not had a hand in security. That means higher education IT professionals should be prepared to defend their incident response plans should they come under the spotlight with new stakeholders.

Click the banner below to learn how to strengthen your team's security strategy.

3. Evolving Solutions Require Governance and Security Documentation

The pace of change within higher education also reinforces the need for formal security policies and procedures. For instance, even before the COVID-19 pandemic accelerated cloud adoption and remote learning, institutions consistently looked to digital innovations to boost student success.

Nearly every technology change that higher education institutions make can affect incident response planning. CDW’s Lea notes that even if an organization is just switching vendors for student databases, it should have a clear governance framework in place. “Who’s going to have ownership of it? How is it going to be managed? All of this needs to be documented ahead of time,” she says.

SIDESTEP COMMON MISTAKES: Insufficient documentation is just one way your incident response plan can go awry. Discover more avoidable errors in the CDW white paper.

Mergers and acquisitions, which are becoming increasingly common in higher education, represent another area where documented security policies and procedures are incredibly important.

“We need to test those new environments before we add them,” Lea says, and a thoughtfully designed and executed incident response program helps ensure no stone is left unturned.

Bookmark this page for more security stories during National Cybersecurity Awareness Month.

H Studios/Stocksy

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT