Setting Standards: Benchmarking Security in Higher Education
Ben Fagan | August 26, 2014
Data breaches at higher education institutions are becoming more and more common, putting themnear the top of the list of industries most affected by cyber security risks. Hackers target .EDU networks because they tend to be left wide open for attacks, either because the schools fail to prepare against such intrusions or because network users fall victim to vicious phishing scams. As our latest BitSight Insights report revealed, university security teams juggle diverse IT infrastructure needs and unique challenges, including BYOD culture and multiple network access points. This leads to a major slump in security performance throughout the school year. So how can universities overcome these challenges?
The Importance of Benchmarking
As aprevious BitSight Technologies post noted, many businesses are using security performance to their competitive advantage. By comparing their own procedures to those at other companies, they can determine what improvements, if any, are needed and how they can best be put into practice. Higher education institutions could benefit in similar ways.
When cyber security strategy is implemented, it’s crucial to keep track of how well it’s performing. Waiting until an actual breach is too late. Maricopa Community College’s recent data breach cost the school upwards of $20 million, and although the University of Marylandreportedly doubled its IT security in 2012, that wasn’t enough to stop hackers from exploiting their system in May of 2014. More than 300,000 records were breached; repairs and related expenses could reach into the millions.
Comparing security performance early on helps ensure that data breaches are held at bay, and breach transparency is helping to teach other schools how to protect their own information. Investing the time and money into these comparisons is surely less costly than having to deal with an attack. These incidents are costing schools an untold amount of money, not to mention the impact on their reputations.
Benchmarking tools can help higher education systems easily assess their security. Using these results, board members or IT teams have the knowledge they need to improve performance. While these individuals may not be cyber risk experts, it’s easier to create effective plans when an institution compares its setup to that of other schools, and even industries. It also becomes easier to set reasonable goals and implement solutions when security issues arise.
There are, of course, a number of ways that the higher education industry can work toward a safer, more secure data environment. An exceptional learning environment should always encourage the sharing of invaluable information. However, it should also do everything it can to protect data, both personal and intellectual, from those who seek to exploit it.
Security ratings, or cyber security ratings, are a data-driven, objective and dynamic measurement of an organization’s security performance. Thousands of organizations around the world use BitSight Security Ratings as a tool to address a...
On March 4th, BitSight released
Peer Analytics, the newest advanced analytics module from the leader in security ratings. This allows organizations to better understand and
manage their security performance in relation to their industry...
While many IT, security, and risk professionals have developed good metrics and visuals for communicating internally about cyber risk, such as the safety cross and pareto charts, reporting on cybersecurity to non-technical individuals...