Hello, and welcome back to this next TomCast from GuardSight, an IronBow Technologies company; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to discuss cybersecurity FOR education. You cannot see it, but I capitalized the word FOR there and am trying to emphasize it. Why? Well, we seem to be doing more and more throughout the nation with regards to educating folks in cybersecurity, but what kind of a job is being done to secure our educational institutions and industry from cyber attacks?
Cyber attacks on educational institutions are on the rise. As many industries have experienced, the educational industry is forever hamstrung by budget constraints. Unfortunately, these budget constraints have led educational institutions to working with what they have, which turns out to be outdated tech. Windows 7 operating systems still in use, for example. The inability to maintain or upgrade systems, licenses, or equipment while trying to educate the upcoming generations is an ongoing issue.
Imagine going to class, using the equipment they are providing, and having issues connecting due to an outdated operating system, or having someone start manipulating your data while you are in class due to the same. Or, even worse, you go to class to find out that classes have been cancelled due to the institution having fallen victim to a ransomware attack. That last one is getting more and more common.
Educational institutions contain loads of information that threat actors desire. All kinds of information is required when registering to any school, and that information gets updated throughout a student’s educational career. As much as some schools want to keep everything as secure as possible, (even with laws and regulations place), it comes down to budget and prioritization.
Look into schools and universities. Look first at the programs they provide (many offer great cyber-related curriculum choices), then look at the school or university leadership structure. See any cybersecurity positions? Any information security officers, or chief information security officers? All too often those positions do not exist, as the information technology infrastructure is managed by either the teachers/professors or by a lower level individual that is not well versed in security.
What is the solution? One cannot simply march into an educational institution and change how much they receive or change how they prioritize their meager budgets. What if we address the educational industry like any other? Look at it as a business versus a learning center. It is a business, after all, correct? Since cybersecurity professionals can be rather impactful to the budget (one analyst can chew up 40-70k at a minimum), why not engage with an MSSP?
The managed security services provider can provide that force multiplier that the industry needs. They can also manage cyber weaponry to ensure current licensing and versions, maximizing the protection required for sensitive information. An MSSP can also help educate the powers-that-be (industry leadership) on vulnerabilities, gaps, and exposures that can help drive decision-making. Limited budgets impact dang near every industry, so determining where the most useful places are that monies need to be focused is an important aspect of what an MSSP can assist with. We don’t want to be teaching the next generations about cybersecurity through adverse experiences if we can help it.
And yes, GuardSight is one of those MSSP’s that could assist in every area I just spoke of. Think about it for a moment. Hire one cybersecurity professional for a school or university that is charged with protecting hundreds, if not thousands, of students information as well as the institution’s data, assets, and endpoints, or hire GuardSight who can have multiple analysts performing those protective actions. The second option seems to make the most sense to me.
We here at GuardSight thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight or IronBow can do for you, head on over to www.guardsight.com or www.ironbow.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!