Top Cybersecurity Risks 2015

In all likelihood, 2015 will set a new, unwelcome standard for cybersecurity threats and breaches. Although 2014 was a record year for breaches and simultaneously for diminished public trust, many analysts are describing it as a year in which hackers only enhanced their tradecraft. In 2014, cyberattacks became increasingly sophisticated and targeted, both very troubling trends. Taken as a whole, many analysts are suggesting that as bad as 2014 was, it will be revealed to have been a year of proof-of-concept attacks with far worse to come in 2015.

Higher education is a very challenging environment for security professionals, for numerous reasons. We are simultaneously confronted with the conflicting need to support information discovery and sharing while ensuring privacy and confidentiality. Universities are also among the least controlled environments technologically. Added to that, decentralization in many institutions presents a near impossible task concerning security and compliance.

Cybersecurity risks are numerous and growing. In fact, the “top ten” way of representing risks is no longer workable for security professionals, who must now monitor far more than ten active simultaneous threats in real-time. That said, there are seven significant risks that should be noted, and I convey them to institutional and IT leaders as threats particularly worth attention in 2015.

1. Employees. Human error, mistakes, lack of proper responsibility and even malicious intent make employees a very real threat. CIO magazine listed humans (disgruntled employees and careless or uninformed employees) as the top two threats for 2015. Note the term insider threat, and take all necessary safeguards.

2. Shadow IT organizations. These are usually small, unauthorized organizations that operate various IT services without awareness or authorization by the institution. They represent a serious and growing threat for many reasons, including security and compliance. Typically the only way to detect these groups is with extensive internal IT monitoring — which accounts for the fact that only about eight percent of IT shadow operations can be successfully tracked.

3. Mobile platforms and apps (Android, iOS). Smartphones and tablets have become prime targets. They are everywhere, have enormous capabilities (including financial transactions), and their OS’s are not particularly robust. Apple devices in general have become the subject of focused attacks. It was never that Macs were particularly safe; only that Windows has traditionally been a more target-rich environment. Today, Android and iOS are hacker favorites.

4. Locally stored information. Institutions are flush with data that should be kept private, secure, confidential — and centrally stored and protected. Yet higher education is notorious for having information — such as student and donor information — downloaded, transmitted and stored on unsecured laptops and flash drives.

5. Unsecured web servers and web applications. These are everywhere in higher education, and they are commonly used without adequate security provisioning, even for e-commerce, and contain privileged information, including in many cases personally identifiable information (PII), credit cards and social security numbers.

6. Cyberespionage and cybersabotage. This is a rapidly escalating threat, particularly for research universities. Increasingly, research is based on potential benefits rather than “pure” research. As a result, the potential benefits, if stolen or destroyed, are much greater. Nation-state attacks are increasingly common and powerful, and the potential of research data for financial and security gains is enormous.

7. Legacy systems and data, particularly open-source and community-source software. Old source code (OSC) is recognized as a potent threat because older systems were engineered with much less attention to the cyberthreats that are rampant today. Open-source or community-source systems are at even greater risk for a simple reason — the source code is readily available. Higher education is known for old systems and for community-source software. These will be increasingly targeted, consistent with the global trend.

These seven areas are particularly noteworthy for higher education. The first step is awareness of the threat. The second is addressing it effectively. Cyber liability insurance (CLI) is now considered the norm, and colleges and universities should consider that opportunity carefully. But CLI is primarily for post-breach response. The key is doing everything possible to avoid breaches, because the costs for not doing so are enormous.

This article originally appeared in the issue of .

About the Author

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or [email protected].

Featured

  • K–12 Safety Trends Report Reveals Reliance on Training, Technology

    Wearable safety technology provider CENTEGIX recently released its 2025 School Safety Trends Report, according to a news release. The report is based on more than 265,000 incidents during the 2024–25 school year as reported through the CENTEGIX Safety Platform, used by more than 800 school districts across the U.S.

  • Designing Learning Spaces that Support Student Mental Health and Wellness

    In today’s education landscape, schools are more than just centers for learning; they are integral to the holistic development and well-being of students. The global pandemic underscored the importance of addressing mental health in schools, as productivity dropped, stress levels rose and students faced challenges managing emotions.

  • StarRez Releases 2025 State of Student Housing Report

    Student housing software solutions provider StarRez recently released its second State of the Student Housing Industry Report, according to a news release. The report is based on the results of survey data from more than 400 higher education institutions around the world, both StarRez clients and not.

  • Three U.S. Universities Install Acre Security Access Control Platform

    Cloud-native physical and digital security solutions company Acre Security recently announced that it has deployed its access control platform at three major universities in the U.S., according to a news release. Acre partnered with Atrium Campus to provide coverage for more than 69,000 students at the University of Virginia (UVA), George Mason University, and Rockhurst University.

Digital Edition