Colleges and universities among highest risk for data breaches


While retailers and healthcare organizations have dominated much of the data breach media attention in recent weeks, a new study finds that the nation's colleges and universities are at even greater risk for cyberattacks.

In an email to FierceCIO, the security firm BitSight Technologies shared highlights of its new research report, "Powerhouses and Benchwarmers: Assessing Cyber Security Performance of Collegiate Athletic Conferences." The report finds that as a sector, the nation's top schools are at even greater risk for security breaches than are the retail and healthcare industries.

"From Social Security and credit card numbers to health records and intellectual property produced by research departments, colleges and universities house a vast amount of sensitive data," noted Stephen Boyer, co-founder and CTO of Bitsight. "While not surprising given the unique challenges universities face securing open campus networks, it's concerning to see that they are rating so far below other industries that we've seen plagued by recent security problems."

The BitSight study looked into security incidents at colleges and universities during the period from July 2013 to July 2014. Among the study findings:

Colleges and universities score around 600 collectively on the firm's security preparedness scale (which ranges from 250 to 900, with higher scores meaning higher security performance).

"This is considerably below retail and healthcare, two other industries that have faced serious data breaches this year," the study noted.

Colleges and universities "experience high levels of malware infections, the most prevalent infection coming from the Flashback malware," the study revealed, in addition to prominent malware Ad-ware and Conficker.

Overall security performance at colleges and universities declines significantly from the months of September to May, not surprisingly, when students are back at school in their largest numbers.

For more: 
- read the full press release from BitSight Technologies

Related Articles:
Can mobile devices make the grade in the classroom? [FierceMobileIT]
The state of learning management systems [FierceContentManagement]
Managing a BYOD program on steroids