Page 100 - Cyber Defense Magazine for August 2020
In fact, New York City-based security analytics firm SecurityScorecard ranked education last among 17
major industries for cybersecurity preparedness. This lack of vigilance is further illustrated by the
increasing number of cybersecurity-related incidents at higher education institutions in recent years. For
example, Harvard University, Stanford University, University of Connecticut, Oregon State University and
many others are all reported to have experienced security breaches of varying degrees.
Make Application Security a Priority
One of the first and easiest steps to ensuring that security remains a priority, either on or off campus, is
to focus on application security.
For some time now, universities and colleges have used software applications in the classroom and
throughout the campus experience to aid students, professors, researchers and visitors in their work.
However, the current global health concerns have forced many schools to re-examine remote education
tools and implement new applications to augment distance learning capabilities amid uncertainty. This
is especially true for schools that plan for classes to remain online-only in the fall. Under the high-pressure
circumstances of managing expectations for professors, students and even parents, it might be easy to
overlook proper security protocols in the technology when preparing for a non-typical college experience.
There are several causes of this security oversight, and not all of the responsibility falls on the universities.
Sometimes, software vendors cut corners in the software development process, and that can result in
vulnerabilities that are easy for hackers to exploit within applications.
Applications Need Rigorous Testing Before Deployment
Most higher education institutions rely on a mix of in-house and third-party applications for instruction,
including Blackboard, Canvas and others. Regardless of where or from whom the applications are
sourced, they must be rigorously tested for vulnerabilities and exploits before they are deployed for use
at the university.
To know if an application has been properly tested and secured, university IT teams should thoroughly
research the products the universities are considering for use and understand the apps as much as
possible. If they are confident in the development process used and are assured that appropriate testing
and scanning were completed with dynamic application security testing (DAST), static application security
testing (SAST), and software composition analysis (SCA), that is a step in a positive direction. Any failure
to properly test and secure applications will undoubtedly leave students, professors, administration and
university property vulnerable to exploits and hackers.
Security Training for Students
Another priority in securing a university or college is educating the students and faculty about common
practices used to launch cyberattacks on applications and campus networks. These include phishing
attacks, human error, and techniques like formjacking. Most, if not all, schools offer an orientation for new
students, and an orientation session just might be a perfect opportunity to highlight cybersecurity risks
and help students understand how to safeguard themselves and their personal data from any attempts
by malicious actors to gain unauthorized access to campus applications.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.