Higher Ed Campuses Have Digitized: Protecting Sensitive Data Requires a Unified Approach

Originally published by Lookout here.

Written by Tony D'Angelo, Vice President, Public Sector, Lookout.

Higher education institutions have long been subjected to ransomware and other cyber attacks, which has had a huge impact on their operations. In 2020 alone, ransomware attacks affected nearly 1,700 U.S. schools, colleges and universities – which is an increase of 100% over the previous year. The average cost of these attacks were $2.73 million in downtime, repairs and lost opportunities.

And there’s no letup in sight, especially given how lucrative these attacks have been for their operators. In just one-month of 2021, for example, educational organizations suffered over 5.8 million malware incidents. As a result, demands to protect systems and data are rising. Institutions are now subject to more stringent cybersecurity and privacy expectations and mandates from the public and private sectors.

Why are higher education institutions vulnerable

The biggest reason that higher education institutions are a major target is because of the large amount of sensitive data they handle, process and store, such as personally identifiable information (PII) of staff, students and families. There is also intellectual property (IP) developed in collaboration with government agencies and academic and business partners that is widely distributed throughout an institution.

Another major reason these institutions are lucrative targets is because of their decentralized security. An institution’s departments and colleges operate semi-autonomously, with each research program acquiring and deploying their own IT assets. This heterogeneous environment creates infrastructure islands that limit visibility and control of data. Not only does this make attacks easier, accidental data sharing also becomes an issue.

The digital campus ups the ante

Even when everyone sat inside classrooms and offices, higher education institutions already faced significant data protection challenges. The coronavirus pandemic significantly increased the complexity of the problem by accelerating the digital migration that was supposed to occur over a long period of time. Institutions were suddenly asked to support a fully remote campus where students, faculty, administrative staff and partners were engaging with each other virtually.

Digital transformation introduces new risks and data protection requirements, especially as data is sprawled across countless apps and unmanaged devices and networks are commonly being used. With security tools still tethered to campuses, higher education institutions no longer have visibility and control over their data.

Current security tools are inadequate

To address enhanced data protection and compliance requirements, higher education institutions need cybersecurity that works no matter where data goes. Legacy security solutions support a traditional network architecture where everyone and everything resided on campuses. As everyone connects from anywhere and on any device, these solutions become inadequate.

Some institutions have begun deploying cloud-delivered security, but these tools often are deployed in isolation. Without products working with each other, security gaps remain open as administrators must switch between consoles to get a clear view of status and performance.

The stakes are high

Institutions that maintain the security status quo will not only find themselves at a steep competitive disadvantage, but they will also suffer consequences like these:

• University of California San Francisco paid $1.14 million to restore operations following a ransomware attack.
• University of Utah paid $500,000 in ransom to retrieve its data from servers that handles student and faculty information.
• Schools including Des Moines Area Community College, Monroe College and Howard University had to cancel all classes, as well as limit access to websites, email and learning management systems for weeks because they were ill-prepared for cyber attacks.

Data protection requires a unified approach

Higher education institutions need next-generation security solutions that effectively help prevent and mitigate cyber risks amidst an ever changing and increasingly sophisticated operating environment and threat landscape.

With a unified platform that includes native data protection capabilities, it delivers comprehensive, consistent, end-to-end data protection that gives institutions full visibility and control over its infrastructure.

By reducing the risk and impact of ransomware and other cyber-attacks –even as the network perimeter disappears and data sprawls across countless apps –institutions can more quickly and confidently create and maintain a secure, safe, compliant digital campus for remote learning, work, and collaboration.