Data breaches have increased globally across all sectors. Despite organisations working to strengthen their cyber defences and incident response capabilities, many have experienced at least one data breach in the last 18 months, with 48% of businesses experiencing a breach during the pandemic. The higher education sector is no exception; in 2020, 54% of UK universities reported a data breach to the Information Commissioner's Office (ICO). Due to its reliance on technology to deliver course content remotely, the cyber-attack surface has rapidly expanded for higher education institutions making them increasingly vulnerable.
Financial
According to a January 2022 SUMS Consulting report The Chief Information Officer (CIO) of Tomorrow in Higher Education, challenges from cyber-attacks with risks have increased since 2019. Between 2020 and 2021, 30+ universities were seriously affected.
These incidents had an average estimated cost of £2m. In addition to the financial costs, there is a significant disruption to major campus services of between 10-20 days, depending on how prepared each university was.
According to Ponemon Institute's Cost of a Data Breach Report 2021, many factors are to blame, including detection and escalation, loss of business, notification, reputation, and General Data Protection Regulation (GDPR) fines. According to the research, the average lifecycle of an attack - from initial discovery to remediation - lasted 287 days. For UK organisations required to comply with the GDPR, the ICO must be notified within 72 hours of discovering a data breach. The EU data protection authorities set the maximum fine at £17.2 million or 4% of annual global turnover - whichever is greater. Therefore, it is in the institution's best interest to identify and get to the root cause quickly and accurately to help minimise the impact.
Student recruitment
Higher education institutions are still feeling the impact of the pandemic. With international enrolment expected to be down 10% during the 2021/2022 academic year, this naturally comes with its financial repercussions. Irrespective of this, for those making their selection, technology remains a crucial consideration. This remains true regardless of whether that's the technology responsible for delivering course content in an interactive remote format, protecting personal data, or beyond. However, when it comes to personal data, savvy students are aware of its value. Research conducted for our 2019/20 whitepaper - the Ethics of Student Data - indicates that two-thirds of students would be less likely to apply to their chosen university if they knew about a poor data security record. Therefore, to support student recruitment, it is in the institution's best interest to follow cybersecurity best practices.
Brand reputation
A data breach can also damage reputation and brand trust. Regardless of the size of the breach (and the institution at the centre of it), organisations are likely to find this news reported in mainstream and social media. This can affect future investment. A swift response can reassure both students and the public; the length of time taken to discover, contain, and rectify a data breach or recurring incidents could prove incredibly damaging over time, particularly as competition amongst higher education institutions continues.
How can institutions mitigate cyber risk?
The pandemic demonstrates that cybercriminals are becoming more sophisticated and determined. This means that gaining access to a university network is likely, mainly as institutions work to adopt disruptive technologies and focus on digitalisation. So how can cyber risk be mitigated?
Skills training
As sophisticated attacks are increasing in frequency with over 996 security incidents and over 4 billion records compromised in the UK in 2021, your team must be equipped with the knowledge and necessary skills to identify and mitigate cyber-attacks. According to Computer Weekly, half of UK firms lack basic cyber security skills such as storing personal data, setting up firewalls or detecting malware. While there are calls to introduce cyber security education for children as young as eight, cyber security training is required for professionals to bridge the cyber skills gap and ensure the modern workforce can meet the cyber challenges of 2021 and beyond.
Cloud-security
As Higher Education institutions continue to evolve, cyber security will be a pivotal consideration to protect against financial and reputational damage. The latest research indicates that attacks tend to be more successful with on-premises systems than cloud alternatives, and those who have prioritised cloud security in recent years are already seeing the benefits. On average, organisations further along in their cloud modernisation strategy contained their data breaches on average 77 days faster than those in the early stage of their modernisation journey.
So, not only can cloud security bolster cyber security strategies through proactive monitoring and scanning, but other benefits include increased elasticity, agility, accountability, availability, and strategy, helping to enhance the broader student experience. These benefits are also significant for those working towards more comprehensive digital transformation objectives. However, making an immediate switch can be costly and time-consuming. Already stretched higher education teams cannot afford to disrupt their operations or take on such resource-intensive tasks; equally, they can't afford to do nothing.
Therefore, many are opting to reshape their current solution, taking advantage of a Software as a Service (SaaS) model of cloud delivery. Outsourcing systems and services with a trusted third-party significantly reduces the risk of a breach by implementing cybersecurity best practices, which helps to maintain compliance with GDPR and other data protection regulations. It also puts the onus on the provider to ensure a robust risk management strategy is in place, reducing internal pressure for your team and maximising your institution's investment in the technology.
Migrating your Student Information System to the cloud isn't going to happen overnight - but we have the solution to taking your first steps.
In the history of Student Information Systems, many institutions have run their installations on-premise with internal IT teams looking after the maintenance and management including tasks like upgrades, monitoring and patching. These tasks are time-consuming and take up large portions of the IT budget. Staff time is focussed on delivery rather than innovation and creating competitive advantage for the university.
Delivering in this way also creates unnecessary operational risk. What happens if these highly skilled people choose to leave? Who can be trained in what time period to ensure continuity of service?
Using 20+ years of experience helping universities implement world-class student information systems, we are best placed to help you migrate to the cloud and take away the pain of running on-premise.
Have you caught up on Tribal's Cloud Bytes Podcast?
The things to think about, when you're thinking about Cloud - in under 10 minutes!
From security to sustainability and from staff to students - watch all episodes of Cloud Bytes - Tribal's video podcast, hosted by Matt Avery. Look out for new episodes uploaded each month. If you'd like to appear on the podcast, get in touch at cloud@tribalgroup.com.