In 2020, nearly 20 universities in the UK, US and Canada confirmed they were victims of a data breach caused by a ransomware attempt on US IT services provider Blackbaud, reported BBC. The cyberattacks compromised the personal details of students and alumni who may have donated to the universities in question.
Colleges and universities remain attractive targets for cybercriminals as they tend to hold valuable data including personal, financial and medical information, says Yitao Cen, Head of Product Marketing, Asia at cybersecurity firm Fortinet. Furthermore, those attending these institutions also tend to be a relatively more affluent population, Cen adds, making them a more lucrative target
Institutes of higher education are also particularly vulnerable to cyber threats. “[They] simply cannot keep pace with the volume, velocity, and sophistication of advanced threats today,” he says.
Speaking with GovInsider, Cen delves into the reasons why these institutions are so vulnerable, and how they can bolster their cybersecurity posture in the face of increasingly sophisticated threats.
Complex security challenges in the smart university
As the world digitalises, the number of connected devices within higher education institutions continues to grow. While WiFi access was limited to selected areas such as libraries, classrooms and lecture halls in the past, it is now commonplace to see campus-wide WiFi access today.
Student-owned connected devices and the growing adoption of cloud computing is contributing to an expanding attack surface, shares Cen. Colleges and universities traditionally deploy a range of devices to ensure cybersecurity across data centres, multiple clouds, and a wide array of devices operating at the network edge.
But it is challenging for IT teams at higher education institutions to improve efficiency if they are addressing individual threats with an array of security products that work in silo, he says. These security products may also be complex to operate and maintain, Cen adds.
This is where the Fortinet Security Fabric can help universities gain centralised visibility and control across the entire campus, according to Cen. The Security Fabric spans the extended digital attack surface and cycle, enabling self-healing security and networking to protect devices, data, and applications.
He explains that advanced endpoint protection, detection, and response tools can work together with network access control to protect endpoint and IoT devices used by students and staff at higher education institutions, such as microscopes, wireless presentation systems, and even smart cooling systems.
The University of Cambridge adopted Fortinet’s centralised cybersecurity solutions, such as FortiManager, so that the security team could have access through a single pane of management console to an end-to-end consolidated network. This ensured that even if the security team’s IT strategy evolved over the next few decades, they would still be able to manage it from a central location while providing local teams flexibility, according to a Fortinet case study.
Fortinet cybersecurity solutions allows university CIOs to break down silos between existing security infrastructures and integrate third party tools seamlessly into the Fabric, ensuring end-to-end visibility. They can also break down silos between clouds and enable consistent policy management across major public cloud providers.
To enable a strategic and coordinated response to advanced threats, Cen suggests that university CIOs can further integrate security orchestration, automation, response tools and security analytics tools with FortiAnalyzer and FortiSOAR.
Maintaining security in decentralised campuses
Colleges and universities today are not limited to a single location. Instead, students and faculty are often spread out through multiple campuses, remote research sites, or even study-abroad locations. Institutes of higher learning need to ensure that cybersecurity is built into both the main campus infrastructure, as well as other locations controlled by the university, according to Fortinet’s website.
One way that institutions of higher learning can do this is through Fortinet’s next-generation firewalls, which include secure and cost-effective software-defined wide-area network (SD-WAN) technology. This technology enables all campus locations to securely achieve direct internet access so networking traffic can travel between clouds, or over a virtual WAN within select public clouds, says Cen.
In turn, this enables institutions to provide secure, high-performance networking while simplifying network complexity across the Internet and wireless networks.
At remote campus locations, Fortinet SD-Branch extends Secure SD-WAN to enable secure networking at branches. In addition, Fortinet SD-Branch provides consistent security across the internet, wireless network, and switching infrastructure.
For instance, Fortinet solutions are currently supporting Hillsborough Community College in maintaining the cybersecurity of its networks for its student body of nearly 50,000 spread out over 850 acres (about 450 football fields). As the adoption of personal devices and cloud services grew over time, SD-WAN has helped ensure that network performance remained high-speed and secure across the campus, according to a Fortinet case study.
Additionally, the Security Fabric can enable university security teams to integrate cyber and physical security and manage the entire security infrastructure with a single pane of glass. For instance, network-based video security infrastructure can be integrated into the Fabric and receive protection by the cybersecurity infrastructure.
“University CIOs gain the peace of mind that security cameras, recorders, emerging facial recognition and weapons detection technologies, and recordings are a seamless part of their overall security architecture,” he explains.
Cybersecurity for higher education in 2022
In the face of advanced cybersecurity threats, Cen identified some key focus areas for the higher education sector in 2022, such as remote learning, ransomware, and poor data hygiene.
Remote learning has become common in the post-pandemic era and has blurred the boundary of studying and surfing the Internet. This increases the probability of cyber attacks, especially since ransomware threats are growing increasingly sophisticated and can now be automated. With many universities still using legacy technology, defending against these threats will become even more challenging, Cen says.
Another priority of higher education institutes in 2022 is improving cybersecurity education among students and staff. According to the Cyber Skill Shortage Survey by SAPIQ in Southeast Asia, recruitment in the cybersecurity space is a big challenge, also organizations are looking for candidates with technology focused certifications.
To address this, IT teams at higher education institutes can take up an eight-tiered Network Security Expert certification programme from the Fortinet Network Security Academy, says Cen. The free-for-all programme includes a range of both self-paced and instructor-led courses, alongside practical exercises that demonstrate mastery of complex network security concepts.