Experts discuss the insider threat to the education sector

Cybercrime is a growing problem globally and the higher education sector is not immune to this threat. Colin Truran, Principal Technology Strategist, Quest Software and Steve Mulhearn, Director of Enhanced Technologies at Fortinet, provide more detail on how best to secure an institution’s network infrastructure.

The biggest cybersecurity threat to universities and how to make cybersecurity a priority according to Colin Truran, Principal Technology Strategist, Quest Software:

As today’s modern campus relies on online services to power its learning and teaching environment, a greater number of devices belonging to students or staff connected to the network are exposing universities to cyberthreats.

In turn, valuable data such as breaking research, students’ personal information and employee information, which is collected and kept on file by universities, is in danger of being used for nefarious means by hackers. In addition to data being misused, universities are at risk of suffering reputational damage if they are unable to keep their network safe.

The biggest cybersecurity threat

As universities own a wide pool of valuable data, their networks are being targeted by a range of different tactics such as phishing attacks or ransomware, as well as a range of hackers – from nation states, to traditional, independent hacking groups. However, recent findings by Jisc, the UK’s not-for-profit organisation offering digital services and solutions to UK higher, further education and skills sectors, found that the biggest threat to universities’ cybersecurity is the students and staff.

Based on data which Jisc has been collecting for years, the organisation concluded that it is highly likely staff and students are to blame for attacks for one reason – timing. According to Jisc, attacks on universities dramatically decrease during holidays such as Christmas, Easter, half-terms or summer holidays.

This pattern could signal that attackers are in fact students or staff, or someone very familiar with the academic cycle. Additionally, Jisc found that attacks usually start between 8am and 9am, quieten around lunchtime but ramp up around 1pm and 2pm.

Look within the network

Students and staff are the core of each educational establishment and as such, it is difficult to imagine the biggest cybersecurity threat coming from within. However, the university’s large and inadequately secured network often enables malicious activity by being an easy target.

Whilst universities are expected to offer all students the ability to connect their devices to the network and access the university’s digital services, this presents a challenge when it comes to preventing malicious activity and uncontrolled sensitive data sprawl due to poorly designed networks. These complex and large networks not only open universities to cyberthreats but also prevent the educational establishment from offering a stable, secure connection to its digital services for the many devices of students and staff.

An additional issue here is that creativity is not limited to just the students. For example, the university’s technology management teams, with their wide remit and increasingly low funds, often search and find ways to solve network problems with creative scripting and workarounds. This creativity leads to network environments which are highly complex, creating a much larger attack surface area as a result.

How can universities protect their networks and data?

In today’s world of rapid growth in personal devices, it is vital that universities implement radical changes to the design of networks. Universities must invest in their digital environment and ensure that they modernise data management practices, remove complexity and isolate sensitive services from student activity.

They also must enable the online environment to understand threats quickly and react accordingly. For example, AI threat detection and automated threat response can detect malicious activity, and restructuring the environment can isolate sensitive services from student activity.

By restructuring and investing in their digital environment, universities will be able to offer internal and external nefarious attackers fewer opportunities to attack, as well as less time to do so.

Cybersecurity as a priority

The internal and external threat to universities’ cybersecurity is real and it is crucial that universities understand it as such. When it comes to data and network security, complacency is the real danger.

Universities should invest in their own cyberspace security and reduce the need for in-house security teams to become creative when it comes to network problem solving.

By investing in cybersecurity and redesigning their networks, universities can be safer from internal and external threats, keeping valuable data out of the hands of hackers and networks up and running.

Steve Mulhearn, Director of Enhanced Technologies at Fortinet, offered some additional thoughts on university institutions securing their network infrastructure against hackers:

The importance of a secure and stable network connection for staff and students at universities

We must remember that the network as a whole is now as important to infrastructure as electricity and gas. Everybody relies on that network for it to be available and as trouble-free as possible. From our perspective, very often this level of infrastructure is almost just expected to work. As soon as that network isn’t available, the damage and disruption it causes to staff and students is outrageous. All of a sudden, everything they’re doing from a sharing perspective, from information sharing, from access to social media and even just publishing their own information, is absolutely critical. It is now that fourth emergency service for them.

Network safeguarding when research suggests hackers could be students

One of the startups I created was with the University of Michigan. Whilst working with them, we accessed a network to understand student behaviour which gave me a great insight into how they do what they do. The insider threat in those environments is significantly higher than probably any other area in our customer base. I could have a disgruntled employee, but that doesn’t mean they’re going to do something malicious. I always break it down into three groups: mischievous, malicious and criminal. Unfortunately, the students fall into the first two. Mischievous – can I just do it? Malicious – can I do it and improve my grades? The insider threat comes from mischievous and malicious activity. It’s typically not from criminal activity because that would lead to organised crime and I would hope that university students aren’t into organised crime.

Implementing radical changes to the design of university networks

I think this is very important. Very often we discuss how they can reduce the risk to their network. It’s not just about bigger, better, faster. It’s also about understanding risk and historically, universities haven’t been risk-averse – they’ve actually accepted quite a high level of risk in the level of access they’ve given students in open networks and sharing of information. This assumes a trusted user but unfortunately, that isn’t true. Universities almost have to reassess it and question how they protect themselves from inside and outside threats. Many universities don’t even know where their critical assets sit and obviously with the standards of GDPR, they must now protect this data and be aware of its location and importance. This information is worth a fair amount of money on the black market, so universities must understand the design. It’s all about segmenting the network internally and not just at the perimeter – this is a way of modernising part of a university’s data management.

Using technologies such as AI to detect threats and automate processes

I think you have to be honest about what AI can do. I don’t like the term ‘Artificial Intelligence’ because for me, if you take the science fiction view of it, it is not what we do. What a lot of systems do today is Augmented Intelligence and Machine Learning. These technologies have a huge part to play because of the lack of resources and operational staff that these institutions have. So, they can help them quite dramatically. An area I’ve worked in for quite some time is behavioural analytics. I’m not looking at 95% of people, I’m looking at the 5% of people that do something different and if I can do that and Augmented Intelligence and Machine Learning can help me, that’ll enable me to spot suspicious targets. If I can see it, I can do something about it. If I’ve got no visibility of it, I’m never going to do anything about it.

Restructuring a university’s digital environment to benefit the institution

I think it’s about efficiencies – using technology in the right place and not just throwing it at anything. Everybody talks about Digital Transformation – in government, in local government, in universities – that must go hand-in-hand with security transformation. Therefore, when you’re restructuring the university’s digital environment, you’re looking to get people working on what’s most important.
