The Current Cybersecurity Threats to Research Universities
You cannot protect research without securing the end users — faculty, staff and researchers —who make that data vulnerable to phishing and ransomware campaigns.
In other words, end users are the biggest threat to research security. “Human behavior is the most important thing in cybersecurity,” says Kelvin Coleman, executive director at the National Cyber Security Alliance (NCSA). An EDUCAUSE study found that 20 percent of faculty want convenience over security. It is no surprise that 70 percent of security breaches in 2019 occurred as a result of unsecured endpoint devices.
With the shift to remote work, end-user vulnerabilities have only increased. Thousands of vulnerable endpoints have popped up in laptops, tablets and mobile phones. Without proper research security policies in place, those entry points will be exploited to the detriment of universities and researchers.
What Are the Best Practices for Research Security?
It is still good practice to employ common cybersecurity measures, such as routine network monitoring, VPNs and intrusion detection systems. Having proper cyber hygiene, such as patching, updating and password discipline, should never be neglected. And multifactor authentication (with technologies such as Cisco Duo Security, Google Authenticator and Twilio Authy) as well as single sign-on software (such as Okta, Citrix and Rippling) are essential too.
But there are also new practices worth adopting. “One of the emerging trends is around endpoint detection and response (EDR),” says Brian Kelly, director of the cybersecurity program at EDUCAUSE, which — along with organizations such as the Association of American Universities and the Association of Public and Land-grant Universities — has begun documenting best research security practices.