Security Challenges Mount for Higher Education

By Kara Drapala
Posted on May 6, 2015
Updated on October 15, 2020

Universities and other higher education institutions have long been heralded as strongholds of advanced and independent thought. They are the crucibles in which our most brilliant minds are forged, serving as exchange points to discuss and collaborate on the new theories and inventions that shape our world. However, these great advantages also come with unique security challenges to overcome.
The higher education vertical has often been lumped together with the enterprise in security discourse—and to be fair, the two have many similarities, such as the need for multiple enforcement policies, large numbers of end users, and distributed networks, to name a few. However, the differences between the two are enough that universities and colleges need their own security discussion, one that examines the needs and challenges specific to higher education. And this discussion cannot happen soon enough. Since 2005, there have been more than 500 breaches at higher education institutions. In 2014 alone, these breaches accounted for 35% of all reported attacks.
To find out more about the unique challenges facing higher education, I sat down with OpenDNS Network Security Engineer Alvin Wong, who has held several IT and security positions at both the University of British Columbia and BCNet.
In Wong’s opinion, approaching security at an educational institution like a commercial enterprise may not be a good fit. “Academia requires free and open Internet access without filtering or censorship,” he said. “So to put in traditionally enterprise-focused security controls can be difficult and quite political, in the literal sense of the word.”
Academia Demands Open Networks
The disparity between being a secure institution, and being free and open is further complicated by the distributed nature of many university networks, which can stretch across cities and even around the globe. Although Wong mentioned several potential issues this system introduced, one of the most common was student and faculty connectivity. A professor in Tokyo must have the same protection as a professor in New York, as they’re accessing the same internal resources and data—not to mention partnerships with other schools and potentially corporations.
Another complication is the democratic process institutions use to decide issues like security and access. This dramatically increases the amount of time it takes for adequate security policies to take effect, an unfortunate situation in an industry where even seconds could make a substantial difference during an attack. “Everyone has to have a seat at the table,” Wong said. “It’s not the same as a corporate environment where you can have a strict security policy—a ‘straight block anything, ask questions later’ type of situation.”
Ramen Dinners, Library Naps, and BYOD
In a recent Forbes blog, Sue Poremba called campuses a “melting pot of devices, applications, social media groups, and technology fads.” Mobile devices have worked their way firmly into our everyday lives, and you’d be hard-pressed to find any college student without a laptop, smartphone, or tablet handy at all times.
This creates a host of issues for busy campus security practitioners, who must secure an ever-increasing number of devices. “Schools have a huge BYOD problem,” Wong said. “There’s no such thing as a perimeter for a university.”
Students aren’t the only ones bringing devices to the network either—especially in research universities. “When researchers get funded, they usually bring in their own equipment. The main focus is then getting that equipment hooked up to the network properly, instead of dictating policy,” Wong said. “Unfortunately, security isn’t always top of mind for researchers.” This is especially troubling as research is one of the most targeted elements inside campus networks, after personal data.
Rodney Petersen, managing director for the Washington office of EDUCAUSE, says institutions have failed to acknowledge the need for better protection. “What we have been slow to recognize is that the information we have on campus–whether it’s the intellectual property of the academy, or more importantly personally identifiable information–requires a similar level of high protection,” he said.
Shadow IT Is Rampant in Campus Networks
In addition to the challenges presented by BYOD, and also in part because of them, shadow IT is another prevalent issue at universities. Wong indicated that due to the proliferation of cloud services, and a lack of visibility into network activity, administrators are essentially running blind.
“What’s to stop Professor X from putting some intellectual property on Dropbox or some other service, or sending an email from a non-university email? There’s all kinds of complexity surrounding where data is stored and people using things beyond the perimeter,” Wong said.
With app stores just a click away, and a campus full of insecure BYOD devices, shadow IT presents a juicy opportunity for attackers. “Our endpoints were a point of entry into our infrastructure,” Wong said. “We saw a lot of viruses, a lot of malware getting on machines—just detecting those and having visibility into the network was a challenge.”
User education is a way around this problem though, Wong stated. “Making sure everyone is on the same page when it comes to software, for example, what AV to use, and making these tools easily available, is essential,” he said. “Then, you can have staff reinforce the policy, like making sure students have up-to-date software versions installed.”
Phishing and Infrastructure Attacks
According to Wong, public universities are required to provide contact information online, which gives social engineers a veritable feast of information to use as credentials. With endpoints left vulnerable, spear phishing against a member of the school teaching staff or administration could prove devastatingly effective.
In addition to phishing, schools also have to be wary of parasitic infrastructure attacks, Wong said. “Universities are pretty valuable for computing power, and for bandwidth to store traffic or use for DDoS attacks—attackers aren’t just after the intellectual property, but are attempting to gain control of infrastructure they can leverage.”
These are a small sampling of the challenges faced by higher education institutions. As attacks grow bolder and technology advances, it becomes more vital than ever to have a scalable, robust security stack in place, as well as a healthy user education program to mitigate infections caused by user error. “A lot of higher ed security is reactive, simply because of the sheer scale and number of projects, and the disparate directions people are going,” Wong said. “It’s definitely harder than enterprise security, if we’re comparing the two.”
