Higher Ed IT Leaders Share Strategies to Boost Cybersecurity
Cybersecurity is “the number one issue in the minds of IT leaders” in higher education, said Hernan Londono, chief technology and innovation strategist for education at Dell Technologies, at a recent webinar.
That’s because cyberattacks are on the rise. In 2022, malware attacks targeting higher education rose 26 percent compared to the year before, according to global data from a SonicWall customer survey across multiple industries.
The higher education field stands out as a target in the evolving threat landscape because of the profusion and variety of records that institutions keep, Londono, said.
“When you think about these bad actors, they look at higher education, and they say, ‘Well, people in higher education collect academic records, and they collect financial records, and they collect medical records … it’s not a coincidence that bad actors target higher education,” he said during the webinar, “IT Modernization That Drives Higher Education Forward.”
Kendra Ketchum, vice president for information management and technology at The University of Texas, San Antonio (UTSA), said that because academic institutions are “notoriously open … open access, open research, we had to start shifting the mindset to awareness, protection, and educating around preventive measures.”
More than 90 percent of attacks, Ketchum said, are initiated by email, a link, or malware through a phishing campaign. “Sadly, students are getting phished,” she noted. “They get notes from a make-believe professor saying ‘I’m going to send you a check. You’re going to do some research for me.’ They go out and cash it.”
Both higher education IT experts offered tips for how institutions can anticipate attacks and fight back against cyber criminals.
Especially important, Ketchum said, is laying out a data management strategy. “Understand the classifications of your data that you see coming in and out of your organization,” she advised. “How many patents do you have? Do you have the opportunity to understand who’s working in your data center?”
Among her first steps upon arriving on campus, Ketchum said, was setting up a security operations center and staffing it with graduate students in the university’s cybersecurity program. She also recommended that institutions send out regular emails, as UTSA does, with cyber tips on topics such as handling suspicious emails.
Additionally, Ketchum advised IT leaders to run phishing simulations to see if people on campus will click on such emails. “Run a red team exercise to understand how you would navigate through an incident happening on your campus,” she suggested.
Cybersecurity should be a year-round activity, Ketchum reminded. “Don’t let it get to the last minute of the last hour before Christmas break when everybody leaves and learn the hard way,” she said. “ … Preparation matters.”
Londono emphasized a broad focus on modern infrastructure, with institutions overcoming budget constraints, building backup systems, and taking care of deferred IT maintenance so systems are resilient enough to withstand attacks. If these critical steps are not taken, he said, “the bad guys (will) know they can really be successful.”
A recent MeriTalk research report, in partnership with Dell Technologies, Intel, Microsoft, and VMware, found that 87 percent of higher education IT decision makers say outdated IT leaves their organizations vulnerable to potential cyber threats. The report offers recommendations on how higher education leaders can modernize IT infrastructure to guard against attacks.
For more insight, view the webinar on demand.