ANSWER: What is an Incident Response Plan.
QUESTION: What’s the most important security measure colleges and universities must put in place to mitigate cyberthreats?
This is one Jeopardy! question that you want to be able to answer not only in words, but with a well-thought-out incident response (IR) plan that you can act on the minute you realize your organization might be under attack.
Candidly, it sucks to think that higher education institutions are at the top of many cybercriminals’ hit lists. Like the healthcare organizations that are also at the top of many an attacker’s target list, colleges and universities exist to do good in the world: educate, enlighten, enrich and improve the world through research and collaboration. Alas, in the process of providing these outcomes, higher ed institutions end up looking like a smorgasbord of irresistible delights to cybercriminals due to the institutions’ financial resources, lack of cybersecurity maturity and need to maintain day-to-day operations.
The 2022 Verizon Data Breach Investigations Report (DBIR) indicates that there were 1,241 cybersecurity incidents in educational services in the year reported, over 30% of them ransomware attacks. According to the most recent tracking on Statista, there were 35 publicized ransomware attacks in the higher education sector in 2021 worldwide, second only to the Government sector.
Think about it: Many higher ed institutions are like mini cities, and some of them are not so mini. They have stores, restaurants, healthcare facilities, financial services, gyms, performance centers and housing. They have many different types of people—students, educators, administrators, staff, industry professionals, medical professionals and more—representing a gold mine of potentially valuable personally identifiable information (PII) and protected health information (PHI) records or exploitation paths. And the cherry on top? Intellectual property. Many colleges and universities engage in research, both with other higher ed institutions and with industry, that often results in innovations worth millions or billions of dollars.
But it’s not just all of these treasures that entice cybercriminals; it’s the fact that these treasures are almost always inadequately protected. Security technology budget and staffing challenges, thousands of disparate and insecure devices on a university’s systems and networks, no centralized IT, insufficient security awareness… all of these things combine to make higher education institutions especially vulnerable to cyberattack.
If you’re a higher ed IT or security professional, maybe you’re rolling your eyes by now thinking to yourself, “Ok, ok, we’re in the thick of it and we know the challenges – what can we do about it?”