Even though information security was deemed the number one IT problem for 2016, Susan Grajek is optimistic.
After talking with her about information security troubles in higher education, Grajek says that security risk management roles will continue to evolve and stomp on security threats.
Threats and data breaches are inevitable, she says, and colleges are polishing their security armor to prepare for the next one.
“People are now saying it’s not just a matter of trying to avoid a breach, but really saying the likelihood is we will experience a breach, and how will we respond to it?” says Grajek, VP of Data, Research and Analytics at EDUCAUSE. “Risk management is an increasingly large part of that information security.”
Colleges can act as a hefty contender against data breaches through multiple avenues, including tightening encryption and replacing usernames and passwords with multi-factor authentications.
Grajek also says that colleges will apply different technology models that will best support their institutional cultures, increase privacy and automate threat mitigation.
“I think where we’re headed in regard to the technical management of information security is trying to create smart networks and smart resources that will automate the standing fore-threats and the mitigation of those threats, rather than having it be a manual process,” she says. “I think there are emerging tools that do; they try to keep even half a step ahead of the emerging threats.”
While I agree with Grajek’s insights and predictions about information security in higher education, I am not as optimistic her.
I think that colleges will still surrender data hacked by criminals. Some colleges inevitably will be on top of their game and squash a threat before it can weasel its way into the network, while others will be robbed faster than you can say cyber theft.
Colleges will strengthen their security methods as much as they can – but, hackers and other cyber criminals are getting smarter. One college will perfect their latest information security secret weapon, and a criminal will have the code cracked the next day – humans are their own heroes and worst enemies.
Toward the middle of my conversation with Susan, she said something that both she and I agree is key to keeping up with today’s threats: colleges need to educate students, faculty, staff and visitors on what their roles are with their networks.
Information security might be listed as an IT problem, but it’s actually not.
“Information security is everybody’s problem, not just IT’s problem,” Grajek says. “It’s the problem of anybody who touches data – faculty, students, staff, visitors. Everybody needs to understand what their role is in protecting data at their level. Very often, an ongoing vector for security breaches is getting an email and clicking on a link, inadvertently downloading software that introduces vulnerability to your screen. Educating people is an ongoing basis.”
With a collaborative effort of brain power, constant education and practice, colleges will have a better shot at keeping their network protected and clean from breaches.
Network access will be harder to break into, students, faculty and staff will master their college’s Cloud, or their own individual Clouds, and compartmentalize their data.
“Having a good risk management plan, having a plan for what you will do when your data gets breached, to rehearse that with various likely scenarios, that’s a good practice,” Grajek says.