Security breaches challenge academia's 'open society'
Computerworld - While all the attention lately has been focused on security breaches at our nation's data consolidators, U.S. universities have also been notifying thousands of employees, students and alumni to monitor their personal accounts for unusual activity. The University of Iowa recently became at least the 16th college this year to publicly disclose a breach of its information security (see table).
What's going on? Have hackers opened up a campaign against our colleges?
The answer is probably no. Computer-savvy students have been probing and exploiting university networks for a long time, ever since the 1983 movie War Games glorified the teenage hacker.
It's likely that we're hearing about these university breaches now because of the California Security Breach Notification Act, which went into effect in January. The act requires notification of California residents if unauthorized users may have accessed their sensitive information. The law has effectively resulted in the notification of all potentially affected people, however, because no organization wants to be seen as caring about the safety of only Californians.
But I don't think we're going to see a drop-off in the number of university breach notices anytime soon. Why? Because a number of factors have converged to put colleges uniquely at risk to ongoing compromises of their information security.
The most fundamental factor is the openness of the university. The free and open exchange of ideas has long been at the core of the university mission. As a result, the typical campus is physically open to all comers; no identification badge is needed. Its intellectual property is openly aired, and members of the college community interact in public forums online and off-line. Names of professors are public knowledge much more often than their middle-management counterparts in private industry, and rosters of students aren't hard to come by, either. The campus is like this because everyone there, except IT security, wants it that way.
But what's the risk of this openness? When it comes to IT security, it means there's more opportunity for social engineeringfor a hacker to impersonate a targeted individual in obtaining his access credentials.
A more recent phenomenon contributing to college IT risk has been the widespread webification of university business processes. Within less than a generation, the typical campus environment has transformed itself from bricks-and-ivy to clicks-and-ivy. The list of processes that have made their online debut is a long one:
- New-student application and selection
- Course registration, instruction and testing
- Grade distribution
- Instructor evaluation
- Financial-aid application and awarding
- Dorm-room selection
- Library accounts
- Campus purchases
- Tuition billing and payment
- Campus and alumni directories
How does this colossal move online affect IT security? By bringing more offline information into the realm of what the hacker can access remotely. Universities that still use the Social Security number as a student ID are even more vulnerable, because that single piece of information can often be used as the key to unlock many of these online accounts.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts