Tim Wallen, Regional Director, UK&I , LogPoint explores why higher education colleges and universities are now under pressure to protect their data.
Higher education institutions are under increasing pressure to protect their data. The open nature of campus networks and IT systems alongside the valuable intellectual property and sensitive information they hold have made such institutions enticing targets for malicious actors.
During the first six months of 2021, the number of ransomware attacks on colleges and universities in the UK exceeded the total recorded for the whole of 2020. Further, education is currently the sixth most targeted sector for cybercrime, yet one of the least prepared with the highest security vulnerabilities present in application security, endpoint security, and software update.
Take individualised education plans (IEPs) as an example. Created to support students with special educational needs, they often hold sensitive data such as medical diagnoses, student educational performance details, annual goals and information on supplementary aids and services.
Given the potentially devastating damages that could occur from leaking this information, its imperative that higher education institutions implement sound data practices and security hygiene.
Updating SIEM solutions
One of the easiest access points for threat actors is legacy security information event management (SIEM) systems. Originally built for managing logs in legacy hardware environments, older SIEMs were built on siloed frameworks that were never designed to be connected.
Not only are they now slow and clunky compared to modern equivalents, but they are also inadequate at protecting environments with a growing number of users, rising volumes of data and sophisticated cyber threats.
Unfortunately, legacy SIEMs remain at the very heart of the IT and security strategies of many universities and colleges. Continuing to collect and house critical data, they make for an obvious and easy target for threat actors looking to inflict digital harm through attacks such as ransomware.
Attackers know that digital disruption can be hugely damaging for universities. By taking down student databases and library resources they can inhibit education and student progress that can result in massive reputational damages, forcing administrators into negotiating.
In order to combat attacks effectively, institutions should work to replace their legacy SIEM with modern SIEM solutions.
The benefits of doing so can be numerous, providing more efficient foundations for the ingestion and storage of log files, and enabling more efficient communication of security analytics across logs from a wide variety of sources. Indeed, modern SIEMs can transform security and data visibility, allowing administrations to detect, monitor and mitigate cyber threats, protecting their community’s data and operations.
Enhancements to modularity, scale, and control over data management can be realised to improve cybersecurity posture, while the efficient automation of relevant responses to both internal and external threats can dramatically improve productivity, speed of response and overall effectiveness. This includes the prioritisation of incidents, ensuring the issues that matter most are always addressed first.
A partnership approach
The University of Winchester (UoW) is a prime example of a higher education institution that has reaped the rewards of a modernised SIEM. With the aim of achieving greater network visibility and improved effectiveness in its security responses, the University partnered with a security and SIEM provider that were together able to boost its security posture.
Cost is a prime concern for educational institutions who can find it difficult to justify the budget. When it comes to SIEMs, many organisations are forced to limit the monitoring of their IT infrastructure to prevent spiralling costs that come with growing data volumes. However, it’s possible to avoid this by looking for, as the UoW did, for a tailored fair licensing model.
GDPR can also be a major stumbling block. Given the sensitivity of the data held by universities and colleges, changes to the management and protection of that data can understandably induce anxiety. To provide peace of mind to UoW, steps were also taken to ensure the institution retained complete control over its data.
UoW was supported with the installation of the solution, enabling it to hit the ground running with sufficient training to manage it independently. Indeed, UoW is a prime example as to why the Channel should seek to partner with a SIEM provider. By working together, combining products, services and expertise, organisations can offer more efficient and effective services to their customers that deliver improved outcomes.
Read the latest edition of PCR’s monthly magazine below: