Setting Standards: Benchmarking Security in Higher Education

Ben Fagan | August 26, 2014

Computer_in_LibraryData breaches at higher education institutions are becoming more and more common, putting them near the top of the list of industries most affected by cyber security risks. Hackers target .EDU networks because they tend to be left wide open for attacks, either because the schools fail to prepare against such intrusions or because network users fall victim to vicious phishing scams. As our latest BitSight Insights report revealed, university security teams juggle diverse IT infrastructure needs and unique challenges, including BYOD culture and multiple network access points. This leads to a major slump in security performance throughout the school year. So how can universities overcome these challenges?

The Importance of Benchmarking

As a previous BitSight Technologies post noted, many businesses are using security performance to their competitive advantage. By comparing their own procedures to those at other companies, they can determine what improvements, if any, are needed and how they can best be put into practice. Higher education institutions could benefit in similar ways.

When cyber security strategy is implemented, it’s crucial to keep track of how well it’s performing. Waiting until an actual breach is too late. Maricopa Community College’s recent data breach cost the school upwards of $20 million, and although the University of Maryland reportedly doubled its IT security in 2012, that wasn’t enough to stop hackers from exploiting their system in May of 2014. More than 300,000 records were breached; repairs and related expenses could reach into the millions.

Comparing security performance early on helps ensure that data breaches are held at bay, and breach transparency is helping to teach other schools how to protect their own information. Investing the time and money into these comparisons is surely less costly than having to deal with an attack. These incidents are costing schools an untold amount of money, not to mention the impact on their reputations.

Clearer Communication

Benchmarking tools can help higher education systems easily assess their security. Using these results, board members or IT teams have the knowledge they need to improve performance. While these individuals may not be cyber risk experts, it’s easier to create effective plans when an institution compares its setup to that of other schools, and even industries. It also becomes easier to set reasonable goals and implement solutions when security issues arise.

There are, of course, a number of ways that the higher education industry can work toward a safer, more secure data environment. An exceptional learning environment should always encourage the sharing of invaluable information. However, it should also do everything it can to protect data, both personal and intellectual, from those who seek to exploit it.

Suggested Posts

What Are Security Ratings?

Security ratings, or cyber security ratings, are a data-driven, objective and dynamic measurement of an organization’s security performance. Thousands of organizations around the world use BitSight Security Ratings as a tool to address a...


Advanced Security Benchmarking with BitSight Peer Analytics

On March 4th, BitSight released  Peer Analytics, the newest advanced analytics module from the leader in security ratings. This allows organizations to better understand and manage their security performance in relation to their industry...

6 Cybersecurity KPI Examples for Your Next Report

While many IT, security, and risk professionals have developed good metrics and visuals for communicating internally about cyber risk, such as the safety cross and pareto charts, reporting on cybersecurity to non-technical individuals...


Subscribe to get security news and updates in your inbox.