Main Nav

Many of you probably have read the article in Thursday's INSIDE HIGHER ED about cyber security issues.  Peter Murray, vice president of CIO at the University of Maryland, Baltimore and also co-chair of the Higher Education Information Security Council, reports that his campus receives "an average of 12 to 15 million attempts to get unauthorized access to our network," plus upwards of 30 million daily spam emails."

The Campus Computing Project began tracking IT security issues 2006.  Below are national data on IT security issues from the fall 2012 survey.  Some key points:

    -- just over half (54 percent) of the 2012 survey participants view network and data security as a "very important" institutional iT priority over the next two-years years.  The top three IT issues in 2012 were the "assisting faculty with the instructional of information technology" (74 percent), followed by "providing adequate user support (70 pct), and "hiring/retaining qualified IT staff (69 pct).

    -- not surprisingly, universities as a group report more IT security incidents than to other (often smaller) institutions.   This seems to reflect the Willie Sutton rule: "rob banks cause that's where the money is."

    -- Lost or stolen computers (and storage devices such as USB drives) pose a major security problem for many campuses.

    -- Small, often  "independent" campus units that mount and maintain their own servers apart from Central IT are the cause of IT security issues at many universities. These are "petulant adolescents" for many CIOs and IT security officers because they want independence from Central IT services and procedures -- until something (bad) happens and then Central IT has to help clean up the mess.

    -- Although percentage of campuses that report security incidents linked to social media has been rising in recent years in some sectors.  These social media incidents may involve cyberstalking, bullying, etc.  In BA/MA institutions, the proportion of institutions reporting social media security indigents has doubled from 11 percent in 2006 to 23 percent in 2012 and has more than doubled (from 8 percent to about 20 percent) in public universities.

    -- Employee malfeasance -- an intentional T security incident created by someone working for the institutions -- has risen from XX percent in 2007 to 8.5 percent in fall 2012.  But the aggregate numbers mask important differences across sectors.  In public universities, the percentage of campuses reporting malfeasance in the context of IT security has risen from 7.6 percent in 2007 to 15.5 percent in 2012.  And in community colleges, the numbers are up from 8.0 percent in 2007 to 14.7 last fall.  This looks like a stress indicator, the reaction of overworked and underpaid IT personnel who have been asked, repeatedly, "do do more with less and do it better."

   -- The numbers for spyware and computer viruses have decline, reflected better user education over the past five years.

   -- Although most campuses have strategic plans for IT security and IT disaster recovery, a fourth do not have plans for IT security and a two-fifths do not have plans for IT disaster recovery.  Moreover, of those campuses that do have these plans, many (about a fourth) have not updated theses plans in the past two years.


I hope these data provide a useful supplement to the INSIDE HIGHER ED article and the larger conversation about cyber security during National Cyber Security Month.

ALSO: please note that the deadline for the 2013 Campus Computing Survey has been extended to Tuesday, October 8th.  My thanks to all who have already completed this year's questionnaire.  

Casey Green
Campus Computing

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at

PastedGraphic-7.tiff310.36 KB


Thanks, Casey for sharing the data regarding IT security collected via the Campus Computing Survey.  It is encouraging to see that nearly 75% of all institutions have an IT security plan that has been updated in the past two years.  Cyber security is a top priority for the University of Maryland Baltimore, and we do receive an average of 12-15 million attempts to get unauthorized access to our network every day.  I see from the survey results that between 60-70% of universities have had an attack on the campus network in the past year.  I was actually mis-quoted regarding the 30 million daily emails.  It is actually 30 million emails per week, or about 6 million per day, which is still not an insignificant number of spam emails.  The significant growth that we have experienced over the past year, which the article identifies, is with phishing attempts...and with more sophisticated phishing attempts.  That’s one of the reasons why I think having a cyber security awareness month is so important.  It gives us another opportunity to share resources and information with our campus community regarding phishing, spam, best practices for safe computing and how we are addressing cyber threats.    While we have a  number of other very important priorities at UMB, cyber security is a constant critical activity that is monitored closely every day. 





Peter J. Murray, Ph.D.

CIO and Vice President

University of Maryland, Baltimore

620 West Lexington Street

Baltimore, Maryland  21201-1508

410-706-2461 (office)

443-310-7810 (cell)




Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


Digital Badges
Member recognition effort
Earn yours >

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.