Cyber Security Awareness - Why Higher Education Institutions Need To Address Digital Threats

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.huffingtonpost.com/jonathan-rajewski/cyber-security-awareness-_b_4025200.html

Prior to the first Cyber Security Awareness Month in October 2004,
discussions on national security had very little to do with technology.
However, due to the increasing threat of domestic and international cyber
attacks on America's public and private infrastructure after 9/11, a need
arose to promote cyber security beyond simple computer password protection.
Sponsored by the Department of Homeland Security's National Cyber Security
Division (NCSD) and the nonprofit National Cyber Security Alliance, Cyber
Security Awareness Month is a time to promote security awareness among all
participants in the digital sphere. Of course, the concept is much more
advanced than merely password protecting computers and mobile devices. A
recent article in Computer Weekly reported that cyber attacks, whether like
recent ones by the Syrian Digital Army or various groups of computer
hackers, will rise significantly in the next decade.

Higher education is one sector at exceptionally high risk of devastating
attacks. Colleges and universities report astounding rates of cyber
attacks, with millions of hacking attempts into information systems weekly.
While social security and bank account numbers are always at risk, higher
education institutions are also vulnerable to losing valuable intellectual
property such as patents awarded to professors and students, as well as
personal information of students, faculty and staff. Because of the
frequency of cyber attacks on institutions of higher learning, the need for
increased cyber awareness has never been greater.

To address these issues and promote cyber security proactivity among higher
education institutions, some of the foremost minds in information security
will come together at the "Being Data Aware Conference" at Middlebury
College in Vermont. Cyber security does not exist in a vacuum of everyday
measures to keep personal devices and information secure. During the
conference, legal and information technology experts, and cyber
criminologists will discuss this concept and promote higher education's
role as a first line of defense in keeping sensitive infrastructures safe.

In addition to promoting advanced security and digital forensic measures,
Cyber Security Awareness Month initiatives like the aforementioned
conference address emerging technologies and how they are integrated into
the cyber security sphere. Google Glass, one such technology, is raising
interest (and eyebrows) in the digital sphere, and is expected to be widely
available in 2014. I was lucky enough to secure my own pair earlier this
year, and can certainly see how this technology could face major security
breaches like other digital devices.

With its ability to be manipulated by touch, gesture or voice control,
Google Glass can be used to view and send information such as email and
text messages, directions and search results. Because of these features,
Google Glass has the potential to completely disrupt the current technology
world and how the higher education industry views data security.

The "Being Data Aware" conference will allow participants like myself to
engage with higher education personnel on the impact of Google Glass on
their industry, as well as its affects on the marketing, education and
information technology sectors, and potential security threats the device
may pose and the safeguards that are being discussed and developed in
response to them. With the limited distribution of Google Glass among
developers and adopters, many unintended uses are being fully explored and
exploited; anticipation has reached a rolling boil for those interested in
the product's commercial availability.

Cyber Security Awareness Month as a whole is about more than
run-of-the-mill recommendations about periodically changing passwords.
Conference attendees and everyone in the higher education industry need to
know about the real-life problems of identity theft and cyber attacks that
can devastate a university's infrastructure and its personnel's livelihood.

There are a myriad of ways personal information can be breached, including
viruses imbedded in PDF files, long thought to be immune to such threats.
In order to provide adequate personnel and resources to combat and stop
these threats, higher education institutions need to see the bigger picture
of intense cyber security threats that can do more damage than a hacker
stealing someone's email login. There is a reason Cyber Security Awareness
Month was instituted nearly a decade ago, and why digital professionals
seek to bring higher education professionals into higher-level security
discussions. It is not enough just to entertain the idea of advanced cyber
security in higher education, but action must be taken, as the future of
many institutions across the country depends on it.

Jonathan Rajewski is the Director of Senator Patrick Leahy Center for
Digital Investigation and Assistant Professor of Computer & Digital
Forensics at Champlain College in Burlington, Vermont, a private
institution that offers bachelor's and master's degrees in
professionally-focused programs balanced by an interdisciplinary core
curriculum.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.