Beyond the Campus Gates: Cyber Tops Risks for 2018
It’s no secret that cybersecurity concerns are a daunting challenge for higher education with their sprawling networks and databases.
But industry leaders are predicting that data security will be one of the most serious threats facing higher education in 2018. The number of data breaches in the sector was up 103 percent from last year for the first half of 2017. And, according to a recent survey by Netwrix, a data security analytics firm, an estimated 77 percent of U.S. universities are unprepared for today’s data security perils.
As we have reported in our ongoing series on Stanford University, data breaches affecting educational institutions have the potential to reveal stockpiles of confidential information.
Yet, the risks extend far beyond the campus gates. In this post, we discuss three distinct cybersecurity threats that pose particular concerns to higher education.
- Proprietary Research. U.S. research labs play a pivotal role in conducting important scientific and technological research. Not surprisingly, this is a prime target for corporate espionage and infiltration by foreign governments, as the FBI has warned. According to bureau guidance, the risk is particularly acute when stolen data permits hackers to gain a competitive advantage or would prevent researchers from bringing their intellectual property first-to-market.
- Classified Research. U.S. academic institutions also work hand-in-hand with the Department of Defense and other intelligence agencies to conduct sensitive technological and arms-related research. Unauthorized disclosure of classified or other export-controlled material has the potential to threaten the national security, especially if foreign intelligence or other hostile organizations gain access to classified information.
- Human Subject Research. “Human subject research” or HSR is any type of medical or social science research, like surveys or interviews, involving observation of human participants. HSR potentially spans a wide variety of disciplines, from psychological testing to political science research on voting behavior. HSR is subject to strict confidentiality requirements under the Federal Policy for the Protection of Human Subjects (the “Common Rule”), which has been adopted by at least 15 federal agency grantors. A breach exposing HSR could reveal the most private information about research participants.
According to one recent study by the Ponemon Institute, the average per capita cost in 2017 for each compromised record at a U.S. educational institution is $245. This estimate reflects, among others, the expenses of breach detection, remediation, and notification to victims.
But these “hard” costs tell only part of the story. A breach could endanger ongoing research studies as well as jeopardize future federal grants and corporate sponsorship, given the implications if such information is stolen, misused or even worse by a nation state or bad actor. There’s also the risk that a cybersecurity incident could chill additional research – either because grant money dries up, scholars fear that their projects are vulnerable to hackers and exploitation, or that their research findings are “scooped” – or be stolen and misused by hackers, undermining opportunities for academic journal publication, weakening scholarly credibility and ultimately disincentivizing future research.
The Department of Education has taken note. It established the Privacy Technical Assistance Center, or “PTAC,” as a “one-stop” resource for educational stakeholders to learn about data confidentiality and best privacy practices. Its guidance, including a Data Security Checklist, provides a useful resource for administrators responsible for data stewardship.
As these threats continue to rise, we will closely monitor relevant updates in the higher education sphere.