2) Security policies
“If you’re in finance or healthcare, you can create a pretty stringent security policy,” Kumar says. “You can also create a fairly stringent BYOD policy. In the case of education, that is very difficult. They have to balance the availability of resources because it’s all about balancing availability with student learning.”
3) Privacy regulations
“Education is one of the sectors with the highest number of privacy regulations,” Kumar says. “Instinctively, people don’t think about compliance and regulations, but education is one of those sectors that is faced with many if not more compliance and regulations than some of the other sectors.”
How to Suit Up a College’s Network with Security
Kumar says a college should be aware of threats leaking through its BYOD policies, security policies and privacy regulations, and armor-up its network accordingly.
He says colleges can prepare for a breach through three stages:
1) Hardening defenses
Kumar says hardening a college’s network defenses surpasses traditional perimeter securities and firewalls.
“Hardening in today’s world means moving periodic processes,” he says. “A lot of universities rely on period vulnerability scans: let me see who’s on my network, let me see if there is any risk on my network. That’s not sufficient because today, people are coming on and off the network all the time with a bunch of transient devices.”
“The number one cause of data breaches is a vulnerable endpoint on the network. We read research that just came out stating that 80 percent of successful attacks are exploiting well known gaps and vulnerabilities on a particular end point…If you don’t know the security hygiene of the devices that are coming on the network, right away, you’re exposing yourself at 80 percent.”
2) Increasing interoperability
Kumar says increasing interoperability in a college’s network will provide clearer context to its security systems.
“One of the things you’ll hear a lot of is that security systems lack context, they are working with their individual silos,” he says. “So they’re only telling you that they’re good enough based on what they see. Continuous monitoring and mitigation solutions are probably one of the best sources of getting real time context.”
3) Responding right away
Kumar says most organizations and institutions lack the automation to respond to data breaches. He says colleges should act fast during a cyber-attack to nip the source in the bud before problems spread.
“It’s important that once you detect that one machine might be compromised, you immediately say, “I want a system that goes out and tells me are there others similar to this,”” he says. “You have to win the race against a breach. When a breach happens, if you’re doing manual and just following it along and an endpoint gets infected, it’s going to go to different parts of the network and jump from one machine to another. If you’re doing manual, you’re always one step behind.”
Tips to Protecting Your Own College’s Network
Remember your network is like everyone else’s
Kumar says college IT departments can sometimes think their network is not commercial, and that it doesn’t need the attention a commercial network might need.