Page 55 - Cyber Warnings
P. 55
When many of today’s cyberattacks occur as a result of compromised credentials, this kind of
lax security poses a real worry to IT teams within universities.
University systems are likely to hold the healthcare records, university files, bank details,
addresses, phone numbers and much more for each student — and the practices by the
students themselves are risking that data to exposure.
This combination of slack security and valuable information is a gold mine for cybercriminals,
and a nightmare for IT professionals working in universities to protect students.
To put things into context, a recent report by Dark Reading uncovered that thousands of stolen
and fake student, faculty and alumni email credentials were available to buy on the dark web.
The usernames and passwords were linked to 300 of the largest and most well-known
universities in the US. And with prices ranging from anywhere between $3.50 to $10 per email
address, it’s clear that these credentials are in high demand.
University IT teams therefore must do more to protect their students, which is hard enough
when the students barely help themselves.
Education with regards to cybersecurity is obviously key, but there’s only so much students will
take in before lapsing back in to bad habits. And those who do change their ways are still
human.
They’re still prone to making mistakes like clicking on a link in a phishing email and giving up
their university login credentials unknowingly.
So, what can you really do to better protect students?
Prevention is better than cure
In the past, IT teams within the education sector have only implemented security policies as a
reaction to a breach, rather than pro-actively and pre-emptively put policies in place. That needs
to change — in particular to protect against compromised logins.
To better protect education institutions and monitor for potential threats, IT teams must take
preventive measures to implement a network access control and identity management system
that stops hackers in their tracks.
The future of identity management is therefore context-aware security. Context-aware security
verifies the legitimacy of a login based on more information than just the correct username and
55 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
