Aug 11 2020

Make the Case for Better Cybersecurity Spending in Higher Education

As higher education responds to the increased vulnerabilities that come with remote learning, leaders should take time to align around their security strategy.

With higher education shifting en masse to remote and online learning, academic and IT leaders have faced an onslaught of challenges. Chief among those hurdles is the need for heightened cybersecurity, even as budgets and resources wane.

Higher education networks have long been a high-value target for cybercriminals. After COVID-19 shut down campuses around the world — forcing students, faculty and staff online — the nation saw a spike in cyberattacks, from videobombing to ransomware and phishing.

Conducted in January, a survey by CDW and IDG found that education leaders expected to devote just 20 percent of their IT budgets to risk mitigation over the next two years. Respondents anticipated that other priorities — such as IT modernization, improved collaboration and better user experiences — might receive bigger slices of the pie. But, with an increase in threats and budgets in flux, many in higher education may find themselves reconsidering their IT spending.

As they prepare for the school year ahead, higher education leaders and IT professionals should first take time to unite around a common goal when it comes to institutional security strategies. Addressing today’s rising vulnerabilities and navigating the threat landscape requires a cohesive, comprehensive plan that takes into account an institution’s specific needs, goals and challenges.

A Unified Security Approach

Because colleges and universities house an enormous array of sensitive data — covering everything from personal health and finances to intellectual property — a security breach can have severe and far-reaching consequences. Cybersecurity’s influence over higher education must be just as pervasive.

In a comprehensive security strategy, the responsibility for safeguarding systems and data extends beyond the IT department to everyone in the organization, from students and instructors up through the highest levels of leadership. Even vendors play a role.

Of course, the organization’s processes and technologies also must come together to ensure the prevention, detection and remediation of threats is as effective as possible, but no security measure exists in a vacuum. Comprehensive security instead looks at risk mitigation in the context of higher education’s wider mission: enabling student success.

For colleges and universities that have, in the past, taken a more siloed approach to protecting data and systems, adopting comprehensive security may require a shift in thinking. That makes it more important than ever for stakeholders to sit down together to discuss cybersecurity’s evolving role at their institution and the investment required to achieve the university’s goals.