Top Cybersecurity Risks 2015

In all likelihood, 2015 will set a new, unwelcome standard for cybersecurity threats and breaches. Although 2014 was a record year for breaches and simultaneously for diminished public trust, many analysts are describing it as a year in which hackers only enhanced their tradecraft. In 2014, cyberattacks became increasingly sophisticated and targeted, both very troubling trends. Taken as a whole, many analysts are suggesting that as bad as 2014 was, it will be revealed to have been a year of proof-of-concept attacks with far worse to come in 2015.

Higher education is a very challenging environment for security professionals, for numerous reasons. We are simultaneously confronted with the conflicting need to support information discovery and sharing while ensuring privacy and confidentiality. Universities are also among the least controlled environments technologically. Added to that, decentralization in many institutions presents a near impossible task concerning security and compliance.

Cybersecurity risks are numerous and growing. In fact, the “top ten” way of representing risks is no longer workable for security professionals, who must now monitor far more than ten active simultaneous threats in real-time. That said, there are seven significant risks that should be noted, and I convey them to institutional and IT leaders as threats particularly worth attention in 2015.

1. Employees. Human error, mistakes, lack of proper responsibility and even malicious intent make employees a very real threat. CIO magazine listed humans (disgruntled employees and careless or uninformed employees) as the top two threats for 2015. Note the term insider threat, and take all necessary safeguards.

2. Shadow IT organizations. These are usually small, unauthorized organizations that operate various IT services without awareness or authorization by the institution. They represent a serious and growing threat for many reasons, including security and compliance. Typically the only way to detect these groups is with extensive internal IT monitoring — which accounts for the fact that only about eight percent of IT shadow operations can be successfully tracked.

3. Mobile platforms and apps (Android, iOS). Smartphones and tablets have become prime targets. They are everywhere, have enormous capabilities (including financial transactions), and their OS’s are not particularly robust. Apple devices in general have become the subject of focused attacks. It was never that Macs were particularly safe; only that Windows has traditionally been a more target-rich environment. Today, Android and iOS are hacker favorites.

4. Locally stored information. Institutions are flush with data that should be kept private, secure, confidential — and centrally stored and protected. Yet higher education is notorious for having information — such as student and donor information — downloaded, transmitted and stored on unsecured laptops and flash drives.

5. Unsecured web servers and web applications. These are everywhere in higher education, and they are commonly used without adequate security provisioning, even for e-commerce, and contain privileged information, including in many cases personally identifiable information (PII), credit cards and social security numbers.

6. Cyberespionage and cybersabotage. This is a rapidly escalating threat, particularly for research universities. Increasingly, research is based on potential benefits rather than “pure” research. As a result, the potential benefits, if stolen or destroyed, are much greater. Nation-state attacks are increasingly common and powerful, and the potential of research data for financial and security gains is enormous.

7. Legacy systems and data, particularly open-source and community-source software. Old source code (OSC) is recognized as a potent threat because older systems were engineered with much less attention to the cyberthreats that are rampant today. Open-source or community-source systems are at even greater risk for a simple reason — the source code is readily available. Higher education is known for old systems and for community-source software. These will be increasingly targeted, consistent with the global trend.

These seven areas are particularly noteworthy for higher education. The first step is awareness of the threat. The second is addressing it effectively. Cyber liability insurance (CLI) is now considered the norm, and colleges and universities should consider that opportunity carefully. But CLI is primarily for post-breach response. The key is doing everything possible to avoid breaches, because the costs for not doing so are enormous.

This article originally appeared in the issue of .

About the Author

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or [email protected].

Featured

  • i-PRO, NovoTrax Partner for New School Emergency Response Solution

    i-PRO Americas, Inc., which manufactures edge computing cameras, recently announced a partnership with NovoTrax, provider of end-to-end life safety and mass notification solutions, to address gaps in emergency response workflows at K–12 schools, according to a news release.

  • Lawrence Group Announces Expansion of Student Housing Studio

    Integrated planning and design firm Lawrence Group recently announced that it has hired Nick Naeger, AIA, as the new Associate Principal / Senior Project Manager at its headquarters in St. Louis, Mo., according to a news release.

  • Allegion US Partners with Two Colleges for Mobile Credential Technology

    Allegion US recently announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campus-wide, according to a news release. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.

  • ClassVR Wins Tech & Learning Best of Show at ISTELive 25

    Avantis Education recently announced that its flagship product, ClassVR, won the Tech & Learning Best of Show Award at ISTELive 25 in San Antonio, Texas, according to a news release. The program is designed to celebrate products that are “transforming education in schools around the world and that show the greatest promise for the industry,” and this is the fourth consecutive year that Avantis has claimed the award.

Digital Edition