A new reveals that as a sector, the nation's top schools are at even greater risk for security breaches than retail and healthcare.
The report, "Powerhouses and Benchwarmers: Assessing Cyber Security Performance, said: "From social security and credit card numbers to health records and intellectual property produced by research departments, colleges and universities house a vast amount of sensitive data. While not surprising given the unique challenges universities face securing open campus networks, it's concerning to see that they are rating so far below other industries that we've seen plagued by recent security problems," said Stephen Boyer, co-founder and CTO of BitSight. "But, there are schools that perform well above the aggregate ratings for other industries, and the fact that the highly rated schools that we looked at all employ a CISO or director of information security, demonstrates that a top-down commitment to security and risk is crucial. These schools should serve as an example for other colleges to benchmark their performance against."
Key Findings from the report include:
Schools at the Bottom of the Draft - Colleges and universities are failing to adequately address security challenges, with the Security Ratings of athletic conferences averaging around 600. This is considerably below retail and healthcare, two other industries that have faced serious data breaches in the past year.
Blitzed by Malware - Higher education institutions experience high levels of malware infections, the most prevalent infection coming from the Flashback malware, which targets Apple computers. Other prominent malware include Ad-ware and Conficker.
Homecoming Challenges - Overall security performance declines significantly during the academic school year months of September to May. The conferences see an overall 30 point drop in Security Ratings. This is likely due to the influx of students and devices on campus networks.
Powerhouses have a Playbook - The schools included in our analysis with a Security Rating of 700 or above all have a dedicated CISO or Director of Information Security on staff. Such prioritization of information security is a key indicator of better security performance.