Defending University Networks and Data from Cyberattacks
Tomorrow, the Department of Electrical Engineering at Florida International University (FIU) will host Trends in Cybersecurity, a forum for IT and business professionals seeking to learn more about potential cyber threats and how to protect their organizations against data breaches. Attendees will hear from industry leaders about the latest tools to safeguard data, as well as what’s to come in digital security.
Eldred Garcia, Director of Security Solutions for Bluefin and panel member at Trends in Cybersecurity, will discuss the latest trends in cyber threats within universities, and how schools can prevent data breaches from occurring by adopting security solutions within the university’s network.
Why is Cybersecurity important to universities?
Data breaches at colleges and universities are on the rise. These institutions are targets because their networks have access to a large amount of private information, including educational and medical records, as well as employees’ personal data. According to the Ponemon Institute, data breaches at academic institutions cost in excess of $300 per compromised record.
Data breaches within universities are by no means a new thing. From 2006-2013, over 550 universities reported some sort of data breach, and in 2014, Symantec’s Internet Security Threat Report showed that 10% of hacks occurred in the educational sector, behind healthcare (37%) and retail (11%).
So how do universities defend themselves? Most are still trying to figure that out.
Rutgers University suffered a cyber attack in late September. Their Central Authentication Service site – where students and staff enter their names and passwords to access the university network – was shut down for almost an entire day, while the hacker taunted the school on social media sites, boasting about what he/she was getting paid to hack the school’s system.
This was not the first cyber threat at Rutgers, rather it was the fifth “denial of service” since last fall. Rutgers had already taken many steps in securing their network by hiring several cybersecurity consultants to upgrade their systems as well as spending over $3 million in damages from the past attacks. All of that time and money spent – which has actually resulted in an increase in tuition for Rutgers’ students – and the hackers were still able to break into their network.
In a recent study, Tinfoil Security tested the networks of 557 state universities with a cross-site scripting (XSS) attack. 25% of them were found vulnerable. Michael Borohovski, founder and CTO of Tinfoil Security believes that “breaches do not occur because universities
don’t care. It’s probably because they don’t know it’s a problem or they’re simply not catching it in time. Despite the frequency of attacks, many schools just aren’t prepared to defend themselves.”
Case in point, in May, Penn State revealed that hackers had breached computers in its engineering department — a breach that was first identified by the FBI – resulting in over 18,000 students and faculty that were possibly affected by a breach that might have started as far back as two years ago.
What is the financial impact of a data breach? It depends on the number of victims involved, but nevertheless, the costs are staggering.
Two years ago, FBI agents informed Maricopa County Community College District administrators that data from the 10-college system in Arizona had been posted on the internet. With a possible data breach underway, the system’s website was shut down immediately and school officials began to investigate. After identifying a problem with its main web server, officials began the arduous task of notifying 2.3 million current and former students, staff and vendors that their social security numbers and other sensitive data may have been exposed. An extensive repair of the security system was launched over the next two years, and the price tag for the cyberattack would climb to $18 million.
Insurance reimbursements were able to cover some of the damages, but ultimately the costs involved to recover from the breach rested on the shoulders of tax payers and students paying increased tuition. The rest of a breach recovery is beyond expensive, and can close the doors of a university or business. Hiring forensic teams to determine cause of breach, lawyers for legal services, and firms to manage notifying the breached victims are all mandatory pieces to a data breach aftermath puzzle, but wouldn’t stopping the breach from occurring provide an actual solution?
What solutions to data breaches will be discussed at Trends in Cybersecurity?
The event is sure to cover all discussions surrounding data breaches, and Bluefin’s Garcia will specifically discuss security solutions that will prevent cyber hacks – most often caused by malware – from occurring within the university’s network. Bluefin’s PCI-validated Point-to-Point Encryption (P2PE) encrypts credit card information at the Point of Interaction (POI) so that it cannot be read/decrypted at any point within the university’s network – and therefore not available as clear-text data in the event of a data breach. This is just one such tool that a university needs to include their arsenal in the cybersecurity war.
It’s great to see universities taking a proactive approach in educating the academic and surrounding community on cybersecurity with such sessions. We hope more institutions will follow in the footsteps of FIU.