The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The shift to virtual and hybrid teaching, learning, work, and services brought on by the continuing pandemic has only accelerated cybersecurity risks for education institutions of all levels. While data breaches are common across all industries, the risk for education is particularly acute given the sensitivity of students, faculty, staff, and research data. The increase in individuals accessing school systems outside of the campus and on personal devices has increased the threat surface exponentially, as has the proliferation of third-party, cloud-based applications and services. Adding in the fact that many institutions are understaffed and/or have insufficient security measures in place makes universities and schools attractive, easy, and lucrative targets for cybercriminals.
A recent report from Inside Higher Ed outlined the increase in cyberattacks on colleges and universities worldwide that bring significant operational and financial costs, with 74% of attacks on higher education institutions succeeding. In one instance, the University of San Francisco paid a $1.14 million ransom to avoid the release of stolen student data.[1] In the United Kingdom, the University of Hertfordshire suffered a devastating cyberattack that knocked out its IT systems, including Office 365, Teams, and Zoom, local networks, Wi-Fi, email, data storage, and VPN.[2]
Schools face this challenge as well. In October 2021, the Conseil des écoles publiques de l’Est de l’Ontario (CEPEO) in Ottawa, Canada, experienced a cyberattack that breached the personal data of current and former employees dating back to 2000, including social security numbers, bank account details and credit cards numbers, and dates of birth.[3] More recently, the South Redford School District outside of Detroit, Michigan, experienced a cyberattack in September 2022 that put the personal data of over 3,000 students at risk, forcing the district to close school as they researched the source and impact of the attack.[4]
Nearly three quarters of cybersecurity attacks on universities are successful. The operational and financial costs of these attacks are substantial.
Addressing new challenges and environments
Education IT and security leaders need to shift away from traditional security approaches, which assume that data inside the network is trustworthy. This assumption no longer holds true as the proliferation of mobility, personal devices, IoT, and cloud adoption increases the risk and complexity of secure data management. The new security strategy must follow a zero-trust model, which considers all resources to be external and continuously verifies trust before granting only the required access.
This new strategy supports security resilience, which is the ability to protect the integrity of the institution to withstand unpredictable threats or changes, and then emerge stronger. Security resilience moves from siloed, standalone security that focuses on threat prevention and treats all alerts and threats equally, to security resilience that focuses on detection/ response/ recovery, is connected, and considers context. This new approach helps organizations support workers anywhere and anytime, using a cloud-centric approach for the enforcement of security policy so that data and devices are protected. It also includes reducing complexity and improving the user experience by consolidating multiple disparate security capabilities and delivering them from the cloud.
Uncertainly has become the new normal for our customers, and they are making investments to strengthen their security resilience. With its commitment to education and a complete portfolio of solutions to meet the needs of global education institutions, Cisco® helps customers to leverage existing investments collectively and realize the benefits of security resilience.
Zero trust is the security strategy of the future. This strategy ensures people, data, and devices are protected regardless of location.
To learn more about education and technology, visit cisco.com/go/education, and to learn more about security resilience, visit our security resilience page.