Once More unto the Breach

Click here to receive your FREE subscription to Campus Technology

Home > Once More unto the Breach

News Feature

Once More unto the Breach

4/13/2007

By David Nagel

BSI Management Systems.

But there have been several other, less dramatic examples in recent years.

Symantec has conducted an Internet Security Threat Report (ISTR), concluding that "20 percent of data breaches that could lead to identity theft between July and December 2006 occurred in the education sector," according to Symantec's Hart. "It was second only to government, which had 25 percent."

According to the company, "The latest ISTR marks the first time that Symantec has tracked data breaches that have exposed information that could lead to identity theft and tracked the trade of stolen confidential information. Theft or loss of a computer or data storage medium (such as a USB memory key) made up 54 percent of all identity theft-related data breaches. Twenty-eight percent of identity theft-related data breaches were caused by insecure policy, which includes the failure to develop, implement, and/or comply with adequate security policy. Together, theft and loss along with insecure policy made up 82 percent of all data breaches. Captured confidential data is often sold on underground economy servers, which are used by criminals and criminal organizations to sell stolen information."

Other incidents in higher education, which range from hacking to physical theft of equipment containing personal data, are numerous. One site, Educational Security Incidents, lists such security breaches by month. According to that site (which includes details on breaches and citations for sources of the information), there have been three in higher education this month; 10 in March; nine in February; and 13 in January. That's 35 so far this year.

Data Security: Approaches and Standards
But the problem isn't all in education. And it doesn't seem to be exclusive the the UC system, although the two most prominent security breaches in higher education in recent memory have occurred at UC institutions.

"I do not think this is a systemic problem," said Jon B. Fisher, CEO of data security provider Bharosa Inc. "I think the UC system is ahead of the curve regarding security. I think specific problems in data security include migrating from systems designed with communication in mind to systems designed with security in mind. The Internet is such a system. Some UC systems involve disparate philosophies/approaches tied to the different campuses that can make single sign-on application problematic [in terms of security]."

What can universities do? Most analysts and consultants we spoke with pointed toward both data encryption and a multi-faceted approach to securing data.

Said Bharosa's Fisher: "Many people think additional security means gadgets or smart cards or clumsiness or big changes to user experiences. These days, cutting edge security measures involve purely software-based approaches with no change to the user experience. For example, fraud detection technology enables authentication through identification of the user’s computer and/or user tendencies in addition to the simple username/password with the user noticing any change to the online experience."