Back to the main page
Higher Education Is the Latest High-Value Target for International Cybercriminals
As massive data breaches at multiple US universities this year have proved, higher education institutions everywhere are becoming prime targets for cybercriminals.
Reasons for the targeting include the open, collaborative sharing and decentralized ecosystems that are characteristic of colleges and universities. The internal systems at colleges and research institutions contain personal financial information, intellectual property, and years of research results that are prized by thieves and nation states.
In fact, cybercriminals are specifically targeting colleges and universities. "Colleges and universities are experiencing millions of hacking attempts into information systems weekly," says Erica Daniel, Oracle director of industry solutions. "The impact of a data breach is not only financial but reputational, and can affect the competitiveness of an institution. Cybersecurity is no longer purely an IT issue but must be seen as a business issue as well."
Daniel is part of a steering committee in which industry experts discuss cybersecurity threats to higher education. The committee convened at an Oracle Industry Strategy Council meeting in Washington DC in June 2014.
Schools may endure a variety of consequences in the aftermath of a cyberattack, she says. Stolen social security numbers, bank account information, and passwords of students and faculty may lead to significant financial losses. In addition, if a school is seen as being unable to protect personal information it may be harder to attract new students. And a breach of valuable research findings could result in competitive damages as well as national security risks.
Modern Security Strategies
Today's cybercriminals are highly sophisticated and may have been commissioned by foreign governments, Daniel says. To counter these attacks, colleges and universities must develop holistic approaches to cybersecurity that go beyond the IT department to include faculty, administrators, and business department managers, she adds.
How else can institutions better defend themselves? "The National Institute of Standards and Technology (NIST) employs the best and brightest minds around when it comes to developing security standards. NIST's special publications for security provide comprehensive controls for protecting against threats to government services, citizen data, and national infrastructure such as power grids and water supplies. I think those security challenges are analogous to what we're seeing in higher education," says Daniel.
Oracle helps public sector organizations, including those in higher education, by designing its technology stack to conform to applicable NIST specifications, in many cases working with NIST to certify security tools to existing standards. This includes Oracle's engineered systems. That design focus gives IT managers greater visibility throughout the entire stack to detect anomalous activity. Management tools within engineered systems, such as Oracle Enterprise Manager, offer visibility into performance that can help IT managers spot anomalies.
New threats from widespread use of mobile applications is another important risk for modern security strategies to address. Oracle Mobile Security Suite gives IT managers a way to create secure containers to protect sensitive information on mobile devices.
Another focus area is the valuable security information institutions routinely collect in audit logs. Oracle Audit Vault and Database Firewall enables IT managers to perform detailed audits to help identify risks. For example, if someone attempts and fails multiple times to log into a database, the solution sends off a proactive alert. It also protects audit logs against tampering.
Learn more about Oracle security solutions for the public sector and the full breadth of Oracle security solutions, including Oracle solutions for mobile security.
To regularly receive more information about Oracle security solutions, subscribe to the free Oracle Security Inside Out newsletter.