Aaron Mimran, Regional Vice President, Comcast Business
Colleges, universities and technical schools are entrusted with many forms of personal and financial information, which makes their networks a prime target for cyberattacks. As a result, advanced security solutions are an important part of a school’s operations, one that can not only keep them protected but also improve efficiencies, ultimately saving them money.
As colleges and universities look to incorporate this technology into their IT infrastructure, it is helpful for them to understand the types of cyber threats they face, their potential vulnerabilities and what to know when choosing a security solution to protect the sensitive information on their networks.
Ransomware: One of the most newsworthy types of cyberattacks is ransomware, which results in a victim’s system being held hostage until they agree to pay a ransom to the attacker. At least eight colleges and universities in North America have reported ransomware attacks since December 2022.
DDoS: Distributed denial-of-service (DDoS) attacks leverage compromised Internet-connected devices that are infected with malware with the goal of making a network or website inaccessible. Thousands of infected devices will flood a network or website server all at once to overload and exhaust its bandwidth. While these attacks usually do not involve data breaches, they can impact the critical services students and faculty rely on.
Phishing: Phishing attacks tend to be the most well-known cyber threat. To be successful, a user needs to be tricked into interacting with an infected link, website or attachment. This allows the attacker to have access to the user’s device which can then provide them direct access to the network that device is on and the information it contains.
Campuses throughout Pennsylvania have adopted Internet of Things (IoT) technology that monitor or manage services such as heating and cooling systems, lights, security cameras and deliveries. Internet-connected devices help universities provide efficient services to students and faculty, reduce staffing costs and innovate practices that improve quality of residential life. Using Internet-connected devices also introduces new vulnerabilities and risks for schools.
Many schools are also discovering that they don’t have the resources or tools in place to support cybersecurity threats, including:
People: Many smaller colleges and technical schools do not have robust IT teams who can conduct a risk assessment, identify potential risks and provide the necessary ongoing support to prevent attacks. Administrators also play an important role in developing sound policy and approving funding requests in a timely manner to ensure the security of sensitive data their organizations maintain.
Processes: Regular assessments of hardware, network equipment, WiFi access points and software programs are important to a school’s cybersecurity strategy. In addition, student and employee education about network usage and best practices can help reduce phishing attempts, password attacks and even ransomware downloads.
Technology: While laptops and smartphones introduce vulnerabilities to a college’s network, IoT technology adds a layer of complexity to a school’s cybersecurity plan. Outdated technology and irregular security patches and software updates also leave colleges and universities vulnerable to cybercriminals.
All three pillars must work together to reduce vulnerabilities and help ensure normal functions of emergency and routine campus services. For example, schools should establish and enforce a password management policy for all students and employees, provide faculty with updated equipment that uses multi-factor authentication and encourage those using school equipment to install software updates that help reduce security vulnerabilities.
Implementing an advanced security solution involves leveraging a software-defined wide area network (SD-WAN). Traditional networks were not designed for today’s cloud-first environment, leading to subpar application performance, wasted bandwidth and network latency – all critical factors in time-sensitive cyber threats. SD-WANs can automate network traffic and network security functions, allowing schools to better serve and protect their students and staff in a more efficient manner.
When looking for managed security solutions, schools should consider providers that:
• Focus on business results – Colleges and universities should look for a partner who not only wants to provide the best service but also provide the right service to help address goals and needs.
• Support for both network and security – As network and security become more integrated, having a managed service provider that can support on both fronts is ideal.
• 24/7/365 remote monitoring and management – The need for reliable connectivity and security brings with it the need for 24/7/365 threat monitoring and remediation.
• Advanced security, real-world expertise – The current skills gaps and ever-evolving threat landscape increase the need for a partner that has the expertise, without a learning curve.
• Ability to service both legacy and modern systems – As campuses modernize, the need to integrate and service legacy systems remains.
The complexities of today’s IT environments are challenging for even the most seasoned and well-staffed teams. By understanding the threats and potential vulnerabilities and choosing the right advanced security solutions, a school’s network can remain connected and protected, so they can continue to focus on supporting their students.