Opinion: How Higher Ed Should Tackle the Data Security Crisis

The recent proliferation of costly cyber attacks on colleges and universities underlines the need for modern security information and event management, a proactive way of monitoring networks and flagging threats.

Data breaches in higher education institutions have led to significant adverse outcomes, such as the loss of funding and student fees and the illegal seizure of intellectual property assets.

Data breaches can also lead to student identity theft, fraud and extortion threats, leaving schools open to a plethora of liability. The Gramm-Leach-Bliley Act (GLBA) and the Family Educational Rights and Privacy Act (FERPA) require Title IV schools that receive federal financial aid to follow specific cybersecurity rules. These rules protect parents’ rights to see their children’s school records and limit who can see them. Data breaches that expose these records can lead a university to be non-compliant with these requirements and lose its Title IV funding.

The financial implications of data breaches at colleges and universities are also substantial. According to IBM’s 2023 report on the cost of data breaches, the average cost of a data breach in the higher education and training sector between March 2022 and March 2023 was $3.65 million.

The cyber attack on MOVEit in 2023 served as a wake-up call for colleges and universities, because many used third-party vendor software, including the National Student Clearinghouse and Teachers Insurance and Annuity Association, resulting in direct and indirect damages and extortion.

Not even printing college papers has been immune to cyber extortion. In May 2023, the Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory that sent shockwaves through higher education, highlighting a significant security flaw in widely used print management software, PaperCut MF and NG.

Even though PaperCut released a patch to address the issue, hackers had already been exploiting the vulnerability for over a month by the time CISA issued its advisory. One threat actor was the Bl00dy Ransomware Gang, which used security flaws and vulnerabilities to cause chaos among PaperCut’s nearly 100 million clients. In this instance, they issued ransom demands, using The Onion Router and proxies to mask their malicious activities and avoid detection.


Modern security information and event management (SIEM) is a combination of security systems that can help colleges, universities and other academic institutions to identify, assess and respond to possible security threats before they disrupt operations or compromise sensitive data. It’s a method that can be particularly helpful for higher education, which frequently confronts specific cybersecurity concerns due to its diversified and open digital environments.

For over 20 years, SIEM technology has improved areas where it underperformed and added a historical look back on archival data, providing cybersecurity teams with context on potential threats. As a centralized hub for analyzing vast amounts of data, SIEM should now be considered crucial to any university or college cybersecurity team.

  • SIEM systems monitor network activity, identify regular and suspicious activity and provide real-time alerts. Such immediate detection and response to potential threats can reduce cyber risks.
  • SIEM can find threats automatically, block malware and set up perimeter defenses like firewalls, routers and VPNs. This increases efficiency and lowers human error, vastly improving data security for academic institutions.
  • SIEM systems aid security professionals in identifying malware data, combining it with threat intelligence, and understanding how affected systems and data work. This process gives teams a complete picture of possible threats and weak spots in their networks.
  • SIEM acts as a mission-control base for data security teams, enabling identification and defense against threats that may have bypassed perimeter security technologies.

Colleges and universities should consider several key areas when implementing a SIEM program.

  • The planning stage is crucial, as colleges and universities face unique security concerns like increased network usage, diverse systems and sensitive information. This makes them attractive targets for cyber criminals, hence the need for comprehensive cybersecurity measures.
  • SIEM technology should be customized to the institution’s IT architecture and provide real-time monitoring, alerts, threat identification and long-term event storage. It should also be scalable, interact easily with existing systems and provide detailed reporting.
  • Fine-tuning a SIEM system is also crucial. This step includes developing use cases for SIEM, learning how correlation rules and alerts function, and implementing best practices.
  • Ongoing management and maintenance of a SIEM system are essential to ensuring its effectiveness. This involves analyzing user behavior to identify potential threats and complying with legal requirements such as GLBA and FERPA.
  • Lastly, any modern SIEM system should give the client complete visibility over their IT systems by collecting data from many devices and services and turning it into data that is easy to understand. This oversight makes it easier to find security incidents and lessens their effects.


It is time for a new cybersecurity paradigm to secure sensitive data from cyber criminals. By adopting an open security approach that uses SIEM, and developing data security tools and code in the open, IT teams can see what features are functioning to keep users secure and what code can be improved to protect against emerging threats.

Collaboration between universities and security firms is essential for improving security software, as is sharing code, detection rules and artifacts to protect systems from intrusions and exploitation. This joint effort benefits everyone in higher education, regardless of the organization.

Sean MacKirdy is the area vice president of state and local government and education for Elastic, a software company that specializes in search and analytics.