BitSight Insights: Powerhouses and Benchwarmers

Tom Turner | August 21, 2014

Assessing the Cyber Risk of Collegiate Athletic Conferences

It is no secret that America's colleges and universities hold a wealth of personal and sensitive information that is frequently targeted by cybercriminals, as evidenced by some public data breaches in the past year affecting major universities. Today we at BitSight published our quarterly BitSight Insights report that analyzes the security performance of higher education insitutions in America.  We conducted a thorough analysis of the largest and most prestigious collegiate athletic conferences in the nation: the ACC, SEC, Pac 12, Big 10, Big 12 and Ivy League. The member schools of these athletic conferences are large to medium sized universities that give a strong representative sample of the higher education industry in the United States, encompassing a student population of 2.25 million and a network space of more than 11 million IP addresses.

By analyzing the aggregate Security Ratings of each conference, we gained insight into the overall security performance of higher education institutions during the past year (July 2013 to June 2014). BitSight Security Ratings (data sheet) are calculated daily and range from 250 to 900, with higher ratings equating to better security performance. Using our unique outside-in view of internet security, our data reveals the education industry as a whole, and colleges in particular, fail to make the grade when it comes to securing their networks. Yet while many schools are lagging in overall security performance, there were a noteable number of colleges that are excelling at security performance. By using comparative data on industry averages and peer schools, these high performers can serve as a benchmark for other insitutions of higher education, enabling university security teams to better advocate for resources and budget to effectively tackle these potentially costly issues. 


Below is a brief summary of our findings:

Colleges at the Bottom of the Draft. Colleges and universities are failing to adequately address security challenges, with the Security Ratings of athletic conferences averaging around 600. This is considerably below retail and healthcare, two other industries that have faced serious data breaches in the past year.

Blitzed by Malware. Higher education institutions experience high levels of malware infections, the most prevalent infection coming from the Flashback malware, which targets Apple computers. Other prominent malware include Adware and Conficker.

Homecoming Challenges. Overall security performance declines significantly during the academic school year (September to May). The conferences see an overall 30 point drop in Security Ratings. This is likely due to the influx of students and devices on campus networks.

Powerhouses have a Playbook. The schools included in our analysis with a Security Rating of 700 or above all have a dedicated CISO or Director of Information Security on staff. Such prioritization of information security is a key indicator of better security performance.

Suggested Posts

What Companies Using Cloud Services Need To Know About Their Risk Responsibilities

Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But...


Joint Effort with Microsoft to Disrupt Massive Criminal Botnet Necurs

Since 2017 BitSight has been working together with Microsoft’s Digital Crimes Unit (DCU) to understand the inner workings of the Necurs malware, its botnets and command and control infrastructure in order to take disruptive action against...


Forecasting and Advanced Analytics: Building a Solid Security Strategy For 2020

2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to...


Subscribe to get security news and updates in your inbox.