Normally that would be welcome news. But Schou knew that spot was usually a dead zone, which meant something was probably amiss. So Schou, a professor of informatics at Idaho State University, set out with some of the school's IT workers to solve the mystery.
Turns out a young man in a nearby coffee shop was causing trouble. "He was running an access point and broadcasting without credentials on the same address as the university's access point, and people were logging in," Schou says.
Fortunately, the offender didn't access any protected information. That's because Idaho State, like a number of increasingly tech-savvy institutions of higher learning, had gone beyond deploying routine security systems, such as email filters and firewalls, and had adopted better, smarter and quicker ways to detect and repel would-be hackers.
Universities have no choice but to be on the forefront of IT security, Schou says. They simply have too many user constituencies to serve, too many different types of sensitive data to protect, too many computing and handheld platforms to support, and too many people trying, either for sport or for ill intent, to break down the their digital defenses.
Typical educational institutions house a treasure trove of material -- from HR records and student files to research data, much of which is proprietary and some of which may even be classified if it's related to work done on behalf of the U.S. government. They also have financial data, such as credit card numbers from students, alumni, parents and visitors. And if they have health clinics, as most colleges and universities do, they have medical records, too.
Moreover, would-be hackers aren't just attracted to all of that valuable data. Some have their eyes on the vast and powerful computer systems that universities maintain -- infrastructure that they can use (and have used) for their own purposes if they're smart and stealthy enough.
"At any given time, I'll have 30 or 40 folks doing things [on our network] that might be moving toward antisocial. They're looking at what I've got, seeing what's open," says Schou, who serves as Idaho State's security adviser and as the associate dean of the college of business.
This all happens in an IT environment that's typically supporting tens of thousands of devices of all makes and models, with a mandate to be as open as possible to facilitate communication, cooperation and collaboration.
It's not surprising, therefore, that breaches happen with some regularity on university campuses. According to data analyzed by Application Security, a database security company, there have been 435 reported breaches that affected 8.5 million records at U.S. institutions of higher education since 2005, the year that the Privacy Rights Clearinghouse and other organizations started tracking such events.
This independent paper from senior analyst Jon Collins at FreeForm Dynamics considers how Web-based security threats are evolving, within the context of IT trends including mobile, home computing and other forms of remote access that could potentially increase the attack surface of the companies. It defines the scale and types of threat, what to look for in a corporate web security solution and compares the different types of technological approach available to companies and the processes that need to be considered for effective protection.
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.
Social-networking sites have revolutionized how businesses use the Internet. Instead of relying on faltering newspapers to find job candidates, companies can access thousands of potential employees through Facebook and Twitter. But social-networking sites have also left businesses vulnerable to new security threats. So are they tools to be used or security traps to be avoided?
No comments:
Post a Comment