• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is Secure Access Service Edge (SASE)
      • What is Security Service Edge (SSE)
      • What is a Cloud Access Security Broker (CASB)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Security

Security Challenges Mount for Higher Education

Author avatar of Kara DrapalaKara Drapala
Updated — October 15, 2020 • 4 minute read
View blog >

Universities and other higher education institutions have long been heralded as strongholds of advanced and independent thought. They are the crucibles in which our most brilliant minds are forged, serving as exchange points to discuss and collaborate on the new theories and inventions that shape our world. However, these great advantages also come with unique security challenges to overcome.
The higher education vertical has been often lumped together with the enterprise in security discourse—and to be fair, the two have many similarities, such as the need for multiple enforcement policies, large numbers of end users, and distributed networks, to name a few. However, the differences between the two are enough that universities and colleges need their own security discussion, one that examines the needs and challenges specific to higher education. And this discussion cannot happen soon enough. Since 2005, there have been more than 500 breaches at higher education institutions. In 2014 alone, these breaches accounted for 35% of all reported attacks.
To find out more about the unique challenges facing higher education, I sat down with OpenDNS Network Security Engineer Alvin Wong, who has held several IT and security positions at both the University of British Columbia and BCNet.
In Wong’s opinion, approaching security at an educational institution like a commercial enterprise may not be a good fit. “Academia requires free and open Internet access without filtering or censorship,” he said. “So to put in traditionally enterprise-focused security controls can be difficult and quite political, in the literal sense of the word.”
Academia Demands Open Networks
The disparity between being a secure institution, and being free and open is further complicated by the distributed nature of many university networks, which can stretch across cities and even around the globe. Although Wong mentioned several potential issues this system introduced, one of the most common was student and faculty connectivity. A professor in Tokyo must have the same protection as a professor in New York, as they’re accessing the same internal resources and data—not to mention partnerships with other schools and potentially corporations.
Another complication is the democratic process institutions use to decide issues like security and access. This dramatically increases the amount of time it takes for adequate security policies to take effect, an unfortunate situation in an industry where even seconds could make a substantial difference during an attack. “Everyone has to have a seat at the table,” Wong said. “It’s not the same as a corporate environment where you can have a strict security policy—a ‘straight block anything, ask questions later’ type of situation.”
Ramen Dinners, Library Naps, and BYOD
In a recent Forbes blog, Sue Poremba called campuses a “melting pot of devices, applications, social media groups, and technology fads.” Mobile devices have worked their way firmly into our everyday lives, and you’d be hard-pressed to find any college student without a laptop, smart phone, or tablet handy at all times.
This creates a host of issues for busy campus security practitioners, who must secure an ever-increasing number of devices. “Schools have a huge BYOD problem,” Wong said. “There’s no such thing as a perimeter for a university.”
Students aren’t the only ones bringing devices to the network either—especially in research universities. “When researchers get funded, they usually bring in their own equipment. The main focus is then getting that equipment hooked up to the network properly, instead of dictating policy,” Wong said. “Unfortunately, security isn’t always top of mind for researchers.” This is especially troubling as research is one of the most targeted elements inside campus networks, after personal data.
Rodney Petersen, managing director for the Washington office of EduCAUSE, says institutions have failed to acknowledge the need for better protection. “What we have been slow to recognize is that the information we have on campus–whether it’s the intellectual property of the academy, or more importantly personally identifiable information–requires a similar level of high protection,” he said.
Shadow IT Is Rampant in Campus Networks
In addition to the challenges presented by BYOD, and also in part because of them, shadow IT is another prevalent issue at universities. Wong indicated that due to the proliferation of cloud services, and a lack of visibility into network activity, administrators are essentially running blind.
“What’s to stop Professor X from putting some intellectual property on Dropbox or some other service, or sending an email from a non-university email? There’s all kinds of complexity surrounding where data is stored and people using things beyond the perimeter,” Wong said.
With app stores just a click away, and a campus full of insecure BYOD devices, shadow IT presents a juicy opportunity for attackers. “Our endpoints were a point of entry into our infrastructure,” Wong said. “We saw a lot of viruses, a lot of malware getting on machines—just detecting those and having visibility into the network was a challenge.”
User education is a way around this problem though, Wong stated. “Making sure everyone is on the same page when it comes to software, for example, what AV to use, and making these tools easily available, is essential,” he said. “Then, you can have staff reinforce the policy, like making sure students have up-to-date software versions installed.”
Phishing and Infrastructure Attacks
According to Wong, public universities are required to provide contact information online, providing a veritable feast of information for social engineers to use as credentials. With endpoints left vulnerable, spear phishing against a member of the school teaching staff or administration could prove devastatingly effective.
In addition to phishing, schools also have to be wary of parasitic infrastructure attacks, Wong said. “Universities are pretty valuable for computing power, and for bandwidth to store traffic or use for DDoS attacks—attackers aren’t just after the intellectual property, but are attempting to gain control of infrastructure they can leverage.”
These are a small sampling of the challenges faced by higher education institutions. As attacks grow bolder and technology advances, it becomes more vital than ever to have a scalable, robust security stack in place, as well as a healthy user education program to mitigate infections caused by user error. “A lot of higher ed security is reactive, simply because of the sheer scale and number of projects, and the disparate directions people are going,” Wong said. “It’s definitely harder than enterprise security, if we’re comparing the two.”

Suggested Blogs

  • Cisco Umbrella Delivered Better Cybersecurity and 231% ROI February 21, 2023 2 minute read
  • Cisco Listed as a Representative Vendor in Gartner® Market Guide for Single-Vendor SASE January 26, 2023 3 minute read
  • How to Evaluate SSE Vendors: Questions to Ask, Pitfalls to Avoid June 23, 2022 5 minute read

Share this blog

FacebookTweetLinkedIn

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella