Top Cybersecurity Risks 2015

In all likelihood, 2015 will set a new, unwelcome standard for cybersecurity threats and breaches. Although 2014 was a record year for breaches and simultaneously for diminished public trust, many analysts are describing it as a year in which hackers only enhanced their tradecraft. In 2014, cyberattacks became increasingly sophisticated and targeted, both very troubling trends. Taken as a whole, many analysts are suggesting that as bad as 2014 was, it will be revealed to have been a year of proof-of-concept attacks with far worse to come in 2015.

Higher education is a very challenging environment for security professionals, for numerous reasons. We are simultaneously confronted with the conflicting need to support information discovery and sharing while ensuring privacy and confidentiality. Universities are also among the least controlled environments technologically. Added to that, decentralization in many institutions presents a near impossible task concerning security and compliance.

Cybersecurity risks are numerous and growing. In fact, the “top ten” way of representing risks is no longer workable for security professionals, who must now monitor far more than ten active simultaneous threats in real-time. That said, there are seven significant risks that should be noted, and I convey them to institutional and IT leaders as threats particularly worth attention in 2015.

1. Employees. Human error, mistakes, lack of proper responsibility and even malicious intent make employees a very real threat. CIO magazine listed humans (disgruntled employees and careless or uninformed employees) as the top two threats for 2015. Note the term insider threat, and take all necessary safeguards.

2. Shadow IT organizations. These are usually small, unauthorized organizations that operate various IT services without awareness or authorization by the institution. They represent a serious and growing threat for many reasons, including security and compliance. Typically the only way to detect these groups is with extensive internal IT monitoring — which accounts for the fact that only about eight percent of IT shadow operations can be successfully tracked.

3. Mobile platforms and apps (Android, iOS). Smartphones and tablets have become prime targets. They are everywhere, have enormous capabilities (including financial transactions), and their OS’s are not particularly robust. Apple devices in general have become the subject of focused attacks. It was never that Macs were particularly safe; only that Windows has traditionally been a more target-rich environment. Today, Android and iOS are hacker favorites.

4. Locally stored information. Institutions are flush with data that should be kept private, secure, confidential — and centrally stored and protected. Yet higher education is notorious for having information — such as student and donor information — downloaded, transmitted and stored on unsecured laptops and flash drives.

5. Unsecured web servers and web applications. These are everywhere in higher education, and they are commonly used without adequate security provisioning, even for e-commerce, and contain privileged information, including in many cases personally identifiable information (PII), credit cards and social security numbers.

6. Cyberespionage and cybersabotage. This is a rapidly escalating threat, particularly for research universities. Increasingly, research is based on potential benefits rather than “pure” research. As a result, the potential benefits, if stolen or destroyed, are much greater. Nation-state attacks are increasingly common and powerful, and the potential of research data for financial and security gains is enormous.

7. Legacy systems and data, particularly open-source and community-source software. Old source code (OSC) is recognized as a potent threat because older systems were engineered with much less attention to the cyberthreats that are rampant today. Open-source or community-source systems are at even greater risk for a simple reason — the source code is readily available. Higher education is known for old systems and for community-source software. These will be increasingly targeted, consistent with the global trend.

These seven areas are particularly noteworthy for higher education. The first step is awareness of the threat. The second is addressing it effectively. Cyber liability insurance (CLI) is now considered the norm, and colleges and universities should consider that opportunity carefully. But CLI is primarily for post-breach response. The key is doing everything possible to avoid breaches, because the costs for not doing so are enormous.

This article originally appeared in the issue of .

About the Author

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or [email protected].

Featured

  • How One School Reimagined Learning Spaces—and What Others Can Learn

    When Collegedale Academy, a PreK–8 school outside Chattanooga, Tenn., needed a new elementary building, we faced the choice that many school leaders eventually confront: repair an aging facility or reimagine what learning spaces could be. Our historic elementary school held decades of memories for families, including some who had once walked its halls as children themselves. But years of wear and the need for costly repairs made it clear that investing in the old building would only patch the problems rather than solve them.

  • KI Launches K–12 Classroom Furniture Giveaway

    Contract furniture company KI recently announced the launch of its fourth-annual Classroom Furniture Giveaway, which awards $50,000 each to four K–12 educators across the U.S., according to a news release. The goal is to address decreasing student engagement and increasing teacher burnout numbers by updating learning spaces to accommodate modern needs.

  • Tennessee State University Gains Approval for New Engineering Facility

    Tennessee State University in Nashville, Tenn., recently announced that it has received approval from the Tennessee State Building Commission to build a new engineering building on campus, according to a university news release. The 70,000-square-foot, $50-million facility will play home to the university’s engineering programs and the Applied & Industrial Technology program.

  • Colorado State University Global, SCTE Launch Online Certificate Program

    Colorado State University Global (CSU Global), based in Denver, Colo., recently announced a partnership with CableLabs subsidiary the Society of Cable Telecommunications Engineers (SCTE) to launch an online certificate training program for broadband professionals, according to a news release.