A lesson in security: Strengthening higher education’s defences
I really believe that, when society comes together, we can overcome any challenge.
The war against cybercriminals is ongoing, and it’s not something we can conclusively ‘win’ per say. But through collaboration, we can keep pace with evolving threats and minimise risk to some of our most important institutions.
But what are the most valuable institutions we need to protect?
Hospitals are the first thing that comes to mind. For those in need of healthcare, access to a secure, seamless health service is literally a matter of life and death. Defence too, in the interests of national security, needs to be invulnerable to attack.
Another area that must remain a priority, however, is education.
Academic institutions are in a unique position. They harbour data that touches on all areas of society – from science and technology to defence and transport. High-end research, intellectual property, patents, personal data – all of these reside within universities’ digital walls.
Furthermore, they’re collaborative by nature. Campuses share information with other universities, businesses, and central governments – both at home and abroad. If penetrated, universities can act as an entry point to other critical areas.
The consequences would be bad enough in the hands of criminals. We all saw how 2017’s WannaCry virus sent shockwaves throughout the NHS – the same virus rippling from universities through to other key organisations could cause chaos.
But the depth and breadth of information at risk makes it of interest not just to organised crime, but also to other nation states.
There’s a lot at stake. And that’s before considering how students’ expectations are higher than ever before. Universities are aiming to make resources available anywhere, anytime. But doing so in a safe, secure manner is no simple task.
A unified solution
But as I said, no challenge is insurmountable when we work together. And I think really a great example of this are the steps Brunel University took to strengthen its defences.
Cisco is in the middle of a five-year project to help them overhaul their security. At the beginning of the initiative, internal audits showed there were a number of vulnerabilities that needed to be addressed. In particular, their culture of handling data was not as strong as it needed to be – resulting in phishing attacks and network-intrusion incidents over the years.
This is a big project. And while the easy option would have been to rush together a solution using a handful of different vendors, in reality, this wouldn’t be sustainable. Instead, the university choose to work with just two companies, and create a single unified platform.
From firewalls and network security to email, cloud, and endpoint defences, each facet of the solution has been designed to work seamlessly together.
All of these capabilities work together to provide greater intelligence, automation, and stronger defence. Security analysts aren’t bogged down in false alerts and can do their job much more efficiently.
We’re just 2.5 years into the project, but already the university is seeing great results – particularly when it comes to threat detection times. Threats can now be identified, intercepted, and contained much more quickly.
Overall, there has been a 70% raise in efficiency through improved threat detection, incident resolution, and reduced end user downtime. It’s a fantastic result.
Not only that, but the reputation of the security team has pivoted. Once seen as policemen, they’re now problem solvers. Their influence has spread throughout the organisation, and business units know they can be relied on for support when it comes to putting proper privacy and security controls in place.
Looking to the future
Now that the foundation is in place, the next part of the project is optimisation. This means training more members of staff, further streamlining systems, and adapting their approach to guard against evolving threats.
It’s also been great to see the additional benefits that have come with the project. I already talked about how the role of the security team changed – which has been great for staff morale. But strong defences also mean the university can scale its resources much more effectively.
It’s even been able to win business more effectively, as many partners are looking for universities that take cybersecurity seriously.
Ultimately, Brunel University has been really successful. Like I said, anything is possible when we come together. And this really was a story of collaboration – from the partnership of the vendors to the motivation of the entire organisation.
As the university continues on their journey, they are a great model for how other educational institutions – and other organisations in general – can approach cybersecurity.
To learn more about how to simplify cybersecurity in a remote learning world, register for our webinar on 1st October, 2020.