Top Cybersecurity Risks 2015

In all likelihood, 2015 will set a new, unwelcome standard for cybersecurity threats and breaches. Although 2014 was a record year for breaches and simultaneously for diminished public trust, many analysts are describing it as a year in which hackers only enhanced their tradecraft. In 2014, cyberattacks became increasingly sophisticated and targeted, both very troubling trends. Taken as a whole, many analysts are suggesting that as bad as 2014 was, it will be revealed to have been a year of proof-of-concept attacks with far worse to come in 2015.

Higher education is a very challenging environment for security professionals, for numerous reasons. We are simultaneously confronted with the conflicting need to support information discovery and sharing while ensuring privacy and confidentiality. Universities are also among the least controlled environments technologically. Added to that, decentralization in many institutions makes security and compliance a near-impossible task.

Cybersecurity risks are numerous and growing. In fact, the “top ten” way of representing risks is no longer workable for security professionals, who must now monitor far more than ten simultaneously active threats in real time. That said, there are seven significant risks that should be noted, and I convey them to institutional and IT leaders as threats particularly worth attention in 2015.

1. Employees. Human error, mistakes, lack of proper responsibility and even malicious intent make employees a very real threat. CIO magazine listed humans (disgruntled employees and careless or uninformed employees) as the top two threats for 2015. Note the term insider threat, and take all necessary safeguards.

2. Shadow IT organizations. These are usually small, unauthorized organizations that operate various IT services without awareness or authorization by the institution. They represent a serious and growing threat for many reasons, including security and compliance. Typically the only way to detect these groups is with extensive internal IT monitoring — which accounts for the fact that only about eight percent of IT shadow operations can be successfully tracked.

3. Mobile platforms and apps (Android, iOS). Smartphones and tablets have become prime targets. They are everywhere, have enormous capabilities (including financial transactions), and their operating systems are not particularly robust. Apple devices in general have become the subject of focused attacks. It was never that Macs were particularly safe; only that Windows has traditionally been a more target-rich environment. Today, Android and iOS are hacker favorites.

4. Locally stored information. Institutions are flush with data that should be kept private, secure, confidential — and centrally stored and protected. Yet higher education is notorious for having information — such as student and donor information — downloaded, transmitted and stored on unsecured laptops and flash drives.

5. Unsecured web servers and web applications. These are everywhere in higher education, and they are commonly used without adequate security provisioning, even for e-commerce, and contain privileged information, including in many cases personally identifiable information (PII), credit cards and social security numbers.

6. Cyberespionage and cybersabotage. This is a rapidly escalating threat, particularly for research universities. Increasingly, research is based on potential benefits rather than “pure” research. As a result, the potential benefits, if stolen or destroyed, are much greater. Nation-state attacks are increasingly common and powerful, and the potential of research data for financial and security gains is enormous.

7. Legacy systems and data, particularly open-source and community-source software. Old source code (OSC) is recognized as a potent threat because older systems were engineered with much less attention to the cyberthreats that are rampant today. Open-source or community-source systems are at even greater risk for a simple reason — the source code is readily available. Higher education is known for old systems and for community-source software. These will be increasingly targeted, consistent with the global trend.

These seven areas are particularly noteworthy for higher education. The first step is awareness of the threat. The second is addressing it effectively. Cyber liability insurance (CLI) is now considered the norm, and colleges and universities should consider that opportunity carefully. But CLI is primarily for post-breach response. The key is doing everything possible to avoid breaches, because the costs for not doing so are enormous.

This article originally appeared in the issue of .

About the Author

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or david.dodd@stevens.edu.
