Investing in data security infrastructure is essential as malicious hackers relentlessly target higher education institutions.
The recent cybersecurity breach at the University of Manchester, which reported the theft of 7 Terabytes (TB) of data, is one of numerous cyber incidents that have occurred in the past few months. We have also seen attacks in Tennessee State University, Southeastern Louisiana University, and Mount St. Mary’s College among others. Along with healthcare and financial services, higher education institutions have emerged as one of the most vulnerable sectors. Higher education, representing the number one ransomware target, has become an attractive target for bad actors who are flocking to colleges and universities like bees to blooming flowers in the spring.
Camellia Chan, CEO and Co-founder of Flexxon, a next-generation hardware-based cybersecurity solutions provider through its flagship X-PHY brand, shared some insight on the risks higher education institutions are exposed to; the role of low-level AI, and how to keep cybercriminals at bay.
Fierce Education: What makes education institutions at risk of cybercrime and what can they take to protect their data from threats?
Camellia Chan: With millions of students submitting applications to undergraduate and graduate programs annually, higher education institutions are collectors and protectors of massive troves of sensitive data. Universities possess and store added layers of complex data, from students’ personally identifiable information and sensitive research data to employee and student health and retirement benefits data. Once bad actors break through cyber defenses, they can use this confidential information to commit blackmail and fraud. Plus, cybercriminals can use this information to launch social engineering attacks (cyberattacks designed to manipulate individuals through interaction) to conduct extortion and other types of fraud. Once a university’s defenses are breached, these attacks can be costly for institutions to resolve, not only from potential ransom payment but also through business interruption, data privacy non-compliance penalties, and liability lawsuits. With the total cost of a major data breach costing universities an average of $3.8 million per incident, data protection should be a top priority for the sector. Education institutions must bolster their existing cybersecurity measures and embrace advanced technologies to fortify each of the 7 layers of security. To keep pace with opportunistic cybercriminals, higher education needs to build cyber tech stacks as powerful as any financial or government institutions, which may include solutions for network infrastructure, identity, and access management, endpoint application, threat intelligence, and more.
Fierce Education: What steps can education security leaders take to assess potential vulnerabilities?
Chan: Security leaders should build a detailed risk profile that includes budget, manpower, and technology knowledge to identify threats and vulnerabilities and determine the probability of exploitation and the resulting impact on the institution. Through this evaluation, institutions can choose diversified approaches to tackle the particular deficiencies within their system. Subsequently, they can devise a cybersecurity framework that is comprehensive and includes multiple layers, thereby mitigating risks throughout the internal software, external vendors, and the network perimeter.
Fierce Education: Can you tell us about the benefits of AI-powered cybersecurity solutions adoption to enable real-time data protection at the storage level?
Chan: There’s low-level AI. When we say “low-level” we are talking [about] AI-based solutions that monitor for a clearly defined set of communications deployed at the often-overlooked physical layer of computing: The hardware; the device itself. Low-level AI addresses the current gap and provides a robust last line of defense for the 7-layer model against sophisticated attacks while removing the need for human intervention, thereby safeguarding sensitive data from potential breaches.
Fierce Education: How can higher ed institutions be fully protected?
Chan: To date, the higher education industry has relied on solutions that protect solely at the software level. But with each new attack, we’re seeing that current threats are increasingly able to evade the cybersecurity software stack. To be fully protected, institutions should realize that it is critical to deploy solutions which secure each and every layer, especially the firmware and hardware levels. As AI consumes data artifacts it becomes smarter, enabling it to analyze relationships between threats in seconds. As a result, AI reduces time to knowledge, empowering faster decision making and remediation of threats. The next stage of holistic cybersecurity defense should incorporate hardware and embedded solutions into the overall infrastructure to stop hackers in their tracks, in a small, sealed, and fully engineered environment at the data storage level.
Fierce Education: Low-level AI solutions seem to be key in protecting data at the physical layers. Once the right technology is in place, what would be the next steps to protect sensitive data against the ever-growing cyber threats?
Chan: Institutions that prioritize data security will win the battle of attrition with cybercriminals; and those that harness AI-powered cybersecurity solutions will best protect their students and staff’s sensitive data. Therefore, education leaders should look at low-level AI integrations at the physical layer as it closes security gaps and dangerous vulnerabilities. After choosing the appropriate technologies, the subsequent task involves formulating a well-structured plan to implement and integrate the cybersecurity tools into the IT infrastructure. It is important to be careful not to implement too many at once and be thoughtful about which vendors to select
Fierce Education: Indeed, cybercriminals never sleep; remaining vigilant at all times becomes essential. Your last piece of advice?
Chan: My last piece of advice is to never stop assessing and upgrading your defense processes and technologies. Bad actors will never stop innovating and exploiting new attack surfaces, so vigilance is essential.
For other articles on cybersecurity in higher education, see:
Cybersecurity and Risk Management Strategies for Higher Ed
Ransomware-Related Data Leaks Increase 82 Percent
Steps Colleges Can Take to Protect Against Cyber Attacks: Part 2
Using Smart Technology for Blended Security Online and on Campus