Security breaches challenge academia's 'open society'
Computerworld - While all the attention lately has been focused on security breaches at our nation's data consolidators, U.S. universities have also been notifying thousands of employees, students and alumni to monitor their personal accounts for unusual activity. The University of Iowa recently became at least the 16th college this year to publicly disclose a breach of its information security (see table).
What's going on? Have hackers opened up a campaign against our colleges?
The answer is probably no. Computer-savvy students have been probing and exploiting university networks for a long time, ever since the 1983 movie War Games glorified the teenage hacker.
It's likely that we're hearing about these university breaches now because of the California Security Breach Notification Act, which went into effect in January. The act requires notification of California residents if unauthorized users may have accessed their sensitive information. The law has effectively resulted in the notification of all potentially affected people, however, because no organization wants to be seen as caring about the safety of only Californians.
But I don't think we're going to see a drop-off in the number of university breach notices anytime soon. Why? Because a number of factors have converged to put colleges uniquely at risk to ongoing compromises of their information security.
The most fundamental factor is the openness of the university. The free and open exchange of ideas has long been at the core of the university mission. As a result, the typical campus is physically open to all comers; no identification badge is needed. Its intellectual property is openly aired, and members of the college community interact in public forums online and off-line. Names of professors are public knowledge much more often than their middle-management counterparts in private industry, and rosters of students aren't hard to come by, either. The campus is like this because everyone there, except IT security, wants it that way.
But what's the risk of this openness? When it comes to IT security, it means there's more opportunity for social engineeringfor a hacker to impersonate a targeted individual in obtaining his access credentials.
A more recent phenomenon contributing to college IT risk has been the widespread webification of university business processes. Within less than a generation, the typical campus environment has transformed itself from bricks-and-ivy to clicks-and-ivy. The list of processes that have made their online debut is a long one:
- New-student application and selection
- Course registration, instruction and testing
- Grade distribution
- Instructor evaluation
- Financial-aid application and awarding
- Dorm-room selection
- Library accounts
- Campus purchases
- Tuition billing and payment
- Campus and alumni directories
How does this colossal move online affect IT security? By bringing more offline information into the realm of what the hacker can access remotely. Universities that still use the Social Security number as a student ID are even more vulnerable, because that single piece of information can often be used as the key to unlock many of these online accounts.
- Are You Prepared for a Software Audit? Just the word "audit" is enough to make anyone shiver, and when it comes to a software audit, the reaction is no different....
- 2014 Gartner Magic Quadrant Report For the 7th year in a row, Riverbed is in the "Leaders" Quadrant of the 2014 Magic Quadrant for WAN Optimization Controllers. In...
- Improving Business Value of WAN Optimization Want to achieve faster ROI with WAN optimization? Read the latest IDC report and discover how you can cut IT costs without compromising...
- Four Little-Known Ways WAN Optimization Can Benefit Your Organization Read this white paper to learn how far WAN optimization has come, and how to make this most of your investments by using...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Leveraging Flash Storage to Accelerate Oracle Real Application Clusters Join this webinar to understand the latest solid-state storage trends, the specific applications driving solid-state storage deployments and the benefits of deploying the... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!