Losses and unauthorized disclosures of data increased markedly along with the number of colleges and universities affected.
A new report summarizing computer security incidents over the past year found that the number of losses and unauthorized disclosures of data increased markedly along with the number of colleges and universities affected. The most common incidents last year tended to involve "the release of information to unknown and/or unauthorized individuals," shifting the focus from hacker-style attacks to breaches involving information technology employees themselves -- whether acting knowingly or not.
The "Year in Review" report for 2007 by Educational Security Incidents, an online repository intended to collect data on security incidents in higher educational institutions, scoured online databases dedicated to campus security reporting, as well as news sources, to create a consolidated picture breaking down the number and types of breaches that occurred last year. The total number of incidents reported rose 67.5 percent to 139, and they affected 112 institutions, a 72.3 percent jump from 2006.
October's annual survey by the Campus Computing Project found that while problems resulting from computer viruses and spyware had plummeted over the previous two years, security incidents involving social networking sites (like Facebook) were increasing -- to 13.2 percent of campuses polled in 2007. Campus IT officials in the survey called network security the single most important IT issue affecting institutions over the next two to three years, although the percentage saying so decreased from 30 to 25.5 percent over the previous two years. The survey also found an increase in physical theft of computer hardware and a small but growing fraction of incidents involving intentional wrongdoing by IT employees.