Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Data on Cybersecurity
Many of you probably have read the article in Thursday's INSIDE HIGHER ED about cyber security issues. Peter Murray, vice president of CIO at the University of Maryland, Baltimore and also co-chair of the Higher Education Information Security Council, reports that his campus receives "an average of 12 to 15 million attempts to get unauthorized access to our network," plus upwards of 30 million daily spam emails."
The Campus Computing Project began tracking IT security issues 2006. Below are national data on IT security issues from the fall 2012 survey. Some key points:
-- just over half (54 percent) of the 2012 survey participants view network and data security as a "very important" institutional iT priority over the next two-years years. The top three IT issues in 2012 were the "assisting faculty with the instructional of information technology" (74 percent), followed by "providing adequate user support (70 pct), and "hiring/retaining qualified IT staff (69 pct).
-- not surprisingly, universities as a group report more IT security incidents than to other (often smaller) institutions. This seems to reflect the Willie Sutton rule: "rob banks cause that's where the money is."
-- Lost or stolen computers (and storage devices such as USB drives) pose a major security problem for many campuses.
-- Small, often "independent" campus units that mount and maintain their own servers apart from Central IT are the cause of IT security issues at many universities. These are "petulant adolescents" for many CIOs and IT security officers because they want independence from Central IT services and procedures -- until something (bad) happens and then Central IT has to help clean up the mess.
-- Although percentage of campuses that report security incidents linked to social media has been rising in recent years in some sectors. These social media incidents may involve cyberstalking, bullying, etc. In BA/MA institutions, the proportion of institutions reporting social media security indigents has doubled from 11 percent in 2006 to 23 percent in 2012 and has more than doubled (from 8 percent to about 20 percent) in public universities.
-- Employee malfeasance -- an intentional T security incident created by someone working for the institutions -- has risen from XX percent in 2007 to 8.5 percent in fall 2012. But the aggregate numbers mask important differences across sectors. In public universities, the percentage of campuses reporting malfeasance in the context of IT security has risen from 7.6 percent in 2007 to 15.5 percent in 2012. And in community colleges, the numbers are up from 8.0 percent in 2007 to 14.7 last fall. This looks like a stress indicator, the reaction of overworked and underpaid IT personnel who have been asked, repeatedly, "do do more with less and do it better."
-- The numbers for spyware and computer viruses have decline, reflected better user education over the past five years.
-- Although most campuses have strategic plans for IT security and IT disaster recovery, a fourth do not have plans for IT security and a two-fifths do not have plans for IT disaster recovery. Moreover, of those campuses that do have these plans, many (about a fourth) have not updated theses plans in the past two years.
I hope these data provide a useful supplement to the INSIDE HIGHER ED article and the larger conversation about cyber security during National Cyber Security Month.
ALSO: please note that the deadline for the 2013 Campus Computing Survey has been extended to Tuesday, October 8th. My thanks to all who have already completed this year's questionnaire.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.