Setting Standards: Benchmarking Security in Higher Education

Setting Standards: Benchmarking Security in Higher Education
Written by Ben Fagan
VP, Corporate Strategy & Chief of Staff

Data breaches at higher education institutions are becoming more and more common, putting them near the top of the list of industries most affected by cyber security risks. Hackers target .EDU networks because they tend to be left wide open for attacks, either because the schools fail to prepare against such intrusions or because network users fall victim to vicious phishing scams. As our latest Bitsight Insights report revealed, university security teams juggle diverse IT infrastructure needs and unique challenges, including BYOD culture and multiple network access points. This leads to a major slump in security performance throughout the school year. So how can universities overcome these challenges?

The Importance of Benchmarking

As a previous Bitsight Technologies post noted, many businesses are using security performance to their competitive advantage. By comparing their own procedures to those at other companies, they can determine what improvements, if any, are needed and how they can best be put into practice. Higher education institutions could benefit in similar ways.

When cyber security strategy is implemented, it’s crucial to keep track of how well it’s performing. Waiting until an actual breach is too late. Maricopa Community College’s recent data breach cost the school upwards of $20 million, and although the University of Maryland reportedly doubled its IT security in 2012, that wasn’t enough to stop hackers from exploiting their system in May of 2014. More than 300,000 records were breached; repairs and related expenses could reach into the millions.

Bitsight Executive Report Example

New! The Security Ratings report is now the Executive Report. Request your report to see enhanced analysis such as your rating, likelihood of ransomware incidents, and likelihood of data breach incidents.

Comparing security performance early on helps ensure that data breaches are held at bay, and breach transparency is helping to teach other schools how to protect their own information. Investing the time and money into these comparisons is surely less costly than having to deal with an attack. These incidents are costing schools an untold amount of money, not to mention the impact on their reputations.

Clearer Communication

Benchmarking tools can help higher education systems easily assess their security. Using these results, board members or IT teams have the knowledge they need to improve performance. While these individuals may not be cyber risk experts, it’s easier to create effective plans when an institution compares its setup to that of other schools, and even industries. It also becomes easier to set reasonable goals and implement solutions when security issues arise.

There are, of course, a number of ways that the higher education industry can work toward a safer, more secure data environment. An exceptional learning environment should always encourage the sharing of invaluable information. However, it should also do everything it can to protect data, both personal and intellectual, from those who seek to exploit it.