The trusty Jansport you’ve used for years is dilapidated and it’s time to replace those three ring binders. Paper supplies to fresh bedding are filling up the trunk. Let’s not forget the full size mirror for the back of the door. Mom & Dad are throwing in a jammer RFID card for your wallet, insisting you need it as you trek across college campus, because you just never know what might happen. Dad is blaring ACDC’s Thunderstruck on the drive, explaining that the Ashley Madison hacker appears to love the song just as much as him. You laugh – c’mon you’re going back to college, who needs to think about their credit card being stolen on campus by an ill-willed classmate. Your parents remind you that more than 20 million students are expected to attend American colleges and universities this fall. A Javelin Strategy & Research study in 2015 reported 22% of students found out they were victims of identity fraud when contacted by a debt collector or when they were denied credit – which is three times higher than average fraud victims. As you pull into the parking lot to find out the new science innovation building is hosting a hack-a-thon, you realize that more than ever, the word hack is getting too much love. Later that week, you’re acknowledging the college rhetoric to ensure you won’t cheat, or worse-yet pay to have your grade hacked-for-the-better in your A&P II lab.
As students prepare for the back-to-class madness – what are universities doing to prepare for nefarious hacks across-campus and beyond? While students took the summer off, cyber criminals haven’t left class. While the financial industry hacks may lead to big pay-days, the higher education sector hoards treasure troves of top-flight intelligence and personal identifiable information. Whether its credit card information, student IDs, social security numbers, on-campus medical documents or confidential records belonging to the school, there are plenty of reasons cybercriminals may try and syphon this data.
2015 began with Stanford playing host to the President during their Cyber Security Summit, and Fordham University hosted the FBI with the International Conference on Cyber Security. Higher Ed is not just playing host to some of the largest cybersecurity summits these days, they’re playing victim to being hacked as well. Universities come in flavors of public and private with sprinklings of degree offerings and cybercriminals are tasting the rainbow. Last summer, Educause, released that between 2005 and 2013, there were 551 breach reports made by colleges and universities – a rate of just over one per week. Often, people parallel locking down the house to locking down a consumer portal, and the necessary layers of security needed in order to secure the information locked behind the portal doors. While some campuses install new WiFi enabled locks across campus this Fall, other campuses are locking down their external facing portals with stronger forms of risk-based authentication, that feels invisible to students and faculty. While it’s not as sexy as a new football stadium, it will end up saving you money.
Universities falling victim to breaches keep appearing in the news – Penn State, Harvard, Rutgers, just to name a few. In May, Penn State disabled its network in response to cyber thieves potentially looking for intellectual property. Some institutions are acting on remediation plans – kudos to Rutgers for making the investment. Rutgers is pouring $2-3M into cyber security improvements thanks to the challenges they’ve seen of late. This kind of investment impacts the bottom line and inevitably gets passed onto the student as well – the money is a new expense Rutgers campus officials cited as one of the reasons they raised tuition and fees 2.3 percent for the 2015-2016 school year.
Verizon’s DBIR ‘15 suggests the education sector sees an average of 2,332 malware events per week. What if universities began upgrading their cybersecurity measures more proactively? If an intelligence-driven, proactive, pragmatic approach got underway, could a dramatic fee hike be stunted and student information remain galvanized behind university portal doors? One might think so. The cliché, it’s not a matter of if, it’s when, shouldn’t be drowning in a new rec center pool, but rather ought to be echoing throughout university walls.
Learn more about cybercrime fraud tactics by following @RSAfraud or by joining our RSA Fraud & Risk Intelligence group on LinkedIn.
The post Are Cybersecurity Enhancements Drowning in the New Rec Center? appeared first on Speaking of Security - The RSA Blog and Podcast.