Cyber Security Threats  IT Professionals in Education Face

by Matias Wolff 1, Feb, 2017

If the Death Star's plans could be stolen by a bunch of young rebels, what about the strategic data of your educational institution? Is it safe enough?

Schools and universities are highly connected environments, every day there are hundreds, or even thousands, of students, academics and employees, walking around and using their laptops, tablets and smartphones, accessing institutional data every single minute.

Unfortunately, we can't hire a group of the most ruthless bounty hunters of the galaxy, or a 10,000 stormtroopers army to secure our data and devices (although, that would be beautiful).


Hacker attacks and data leaking are also exciting growth opportunities for the IT industry. We have the chance to build our own rebel alliance against external and internal threats. In fact, Gartner consultants, quoted by CNBC, recently stated that "the evolution of cloud and mobile technologies, as well as the emergence of the 'Internet of Things,' is elevating the importance of security and risk management as foundations. Smartphones present the biggest risk category going forward. They are particularly attractive to cybercriminals because of the sheer number of use and multiple vectors of attack, including malicious apps and web browsing.”

That’s why computer security has grown as a rallying cry for IT Jedi knights in schools and universities, and solutions such as mobile tracking software, device protection, geofencing, and laptop security, amongst others, have become essential tools to face and prevent cyber attacks, laptops theft, and data leaking.

(How to destroy a new Death Star is still under development. Too bad!)

But before implementing any security software on campus, IT teams in educational institutions need to first analyze and determine the main threats that their data and devices are exposed to.

Protect data and devices on campus

The Sans Institute developed a survey of the current computer security landscape in junior colleges, community colleges, and universities, gathering inputs from nearly 300 IT professionals. The results clearly show what the main threats are, and what assets educational institutions should protect.  

Primarily, IT Jedis are mostly concerned about the following issues:

  • 70% of respondents were concerned about administrative systems that handle student and financial records.
  • 64% of respondents were concerned about faculty/staff computers (both laptops and desktops).

This shows that current IT management is more concerned with internal issues but less worried about endpoints that could be weak points vulnerable to hacker targeting in order to deliver an attack. Because of this, IT professionals have underlined these main computer threats for educational institutions:

(When they talk about “things” they mean all equipment related to computers, such as printers, copiers, scanners, laboratory data acquisition devices, surveillance cameras, door access controllers, and vending machines.)

Of the 11 attack vectors listed in The Sans Institute survey, six are related to "the capability of the institution to patch its internal systems’ external-facing applications":

  • Exploits against internal database systems and servers, malware delivered to staff endpoint
  • Exploits against websites or servers, exploits against other critical applications
  • DNS server exploits and malware delivered to student endpoints

As a result, they assert that patching and vulnerability management are critical to protecting against these types of risks. 

The other five vectors not deemed by the survey respondents as critical for protecting "are initiated by the user and could be addressed with a security awareness program and policies for supporting, allowing or denying specific forms of student traffic.”

What IT Managers at educational institutes should try to avoid

Unfortunately, schools, colleges, and universities are very attractive targets for data hackers and device theft.  Cyber attacks have been on the rise in higher education.

"Higher education is particularly vulnerable because—in contrast to hacking targets like banks—college and university computer networks have historically been as open and inviting as their campuses,"  Fred Cate, Jedi Master Director of the Indiana University Center for Applied Cybersecurity Research told UniversityBusiness.com

Sith hackers are also aiming educational institutions because they contain massive valuable databases and studies from prominent officials such as board members, researchers, and academics or key alumni information. 

As academia has become the hub and repository of critical applied research in science, business, and technology, the threat to intellectual property is higher than an undergraduate student might think.

Remember that Facebook, perhaps one of the most widespread cloud-based applications whose business value lies on sharing personal information was spawned inside the walls of Harvard University.  But in 2015 their campus suffered "a modest attack" affecting user credentials in eight of their schools, caused only a "little surprise".

The same happened at Rutgers University, which spent millions to strengthen its security in the wake of a series of denial of service (DoS) attacks against its networks and servers.

Last year, several other renowned universities in the United States were victims of hacker attacks. According to Educause,  Penn State University's entire Engineering School had to be taken offline for an extensive investigation and clean-up of its network and systems. That incident was followed in August by similar news from the University of Virginia (UVA) of a targeted cyber attack against two officials whose work was connected with China.”

 “The news about these incidents isn't a surprise -Educause says- because schools across North America are under a relentless assault from malicious actors of all kinds, from script kiddies looking to grow their skills to large organized cyber criminal syndicates to nation-state entities. According to the New York Times, Penn State alone dealt with more than 20 million hostile attacks on an average day last year.”

What other issues for IT in educational institutions concern you? Do you see any other threats? 

Keep your mobile devices and data safe

Matias Wolff
Matias Wolff

CMO at Prey. BA in Advertising with a major in Marketing from Universidad del Pacífico. Master in International Marketing at ESMA, Barcelona. 18 years’ experience in multinational companies. I am a volunteer at the Endeavor program, and teach Integrated Marketing Communications at the Masters in Innovation program, Universidad Católica de Chile.
Let's connect:   

check out our

Related Blog Posts

Customer Support should listen to The Boss and keep that human touch

by Fabián Núñez May 8, 2017

The Boss, Bruce Springsteen, said it best in his 1992 hit “Human Touch”: In a world without pity, do you think I'm asking..

Read More

5 Podcasts for IT Professionals

by Matias Wolff March 13, 2017

Being an IT professional has its perks. One thing that some might agree on is that when you work in IT you’re just sitting...

Read More

Asset management & advanced search: wizard's guide to label location

by Matias Wolff February 17, 2017

You’ve realized that an advanced search capacity is a must have tool to track your devices in multiple locations...

Read More

4 Challenges CIOs and IT Professionals will face in 2017

by Matias Wolff February 16, 2017

Hello 2017! Adiós 2016, a year that many wanted to leave behind. But now, a new period is starting, that will bring many..

Read More

The Current State of Handling Device Security in a BYOD system

by Matias Wolff February 14, 2017

There are many benefits for an institution that applies a BYOD system. Reduced costs, better use of the device’s..

Read More

IT management: who’s first, the CIO or the CTO?

by Matias Wolff February 10, 2017

Depending on their size and structure, organizations have a Chief Information Officer (CIO) and a Chief Technology Officer..

Read More