INDUSTRY WATCH
An additional issue here is that creativity is
not limited to just the students. For example,
the university’s technology management
teams, with their wide remit and increasingly
low funds, often search and find ways
to solve network problems with creative
scripting and workarounds. This creativity
leads to network environments which are
highly complex, creating a much larger
attack surface area as a result.
Protecting a university’s network
and data
In today’s world of rapid growth in
personal devices, it is vital that universities
implement radical changes to the design of
networks. Universities must invest in their
digital environment and ensure that they
modernise data management practices,
remove complexity and isolate sensitive
services from student activity.
They also must enable the online
environment to understand threats quickly
and react accordingly. For example, AI
threat detection and automated threat
response can detect malicious activity and
restructuring the environment can isolate
sensitive services from student activity.
By restructuring and investing in their digital
environment, universities will be able to offer
internal and external nefarious attackers
fewer opportunities to attack, as well as less
time to do so.
Cybersecurity as a priority
The internal and external threat to
universities’ cybersecurity is real and it is
crucial that universities understand it as such.
When it comes to data and network security,
complacency is the real danger.
Universities should invest in their own
cyberspace security and reduce the need for
in-house security teams to become creative
when it comes to network problem solving.
By investing in cybersecurity and redesigning
their networks, universities can be safer
from internal and external threats, keeping
valuable data out of hands of hackers and
networks up and running.
Steve Mulhearn, Director of Enhanced
Technologies at Fortinet, offered some
additional thoughts on university
76
INTELLIGENTCIO
//////////////////////////////////////////////////////////////////////////
institutions securing their network
infrastructure against hackers:
The importance of a secure and
stable network connection for staff
and students at universities
We must remember that the network as a
whole is now as important to infrastructure
as electricity and gas. Everybody relies
on that network for it to be available
and as trouble-free as possible. From
our perspective, very often this level of
infrastructure is almost just expected to
work. As soon as that network isn’t available,
the damage and disruption it causes to
staff and students is outrageous. All of
a sudden, everything they’re doing from
a sharing perspective; from information
sharing, from access to social media and
even just publishing their own information,
is absolutely critical. It is now that fourth
emergency service for them.
Network safeguarding when research
suggests hackers could be students
One of the startups I created was with the
University of Michigan. Whilst working with
them, we accessed a network to understand
student behaviour which gave me a great
insight into how they do what they do.
The insider threat in those environments is
significantly higher than probably any other
area in our customer base. I could have
a disgruntled employee, but that doesn’t
mean they’re going to do something
malicious. I always break it down into
three groups; mischievous, malicious and
criminal. Unfortunately, the students fall
into the first two. Mischievous – can I just
do it? Malicious – can I do it and improve
my grades? The insider threat comes from
mischievous and malicious activity. It’s
typically not from criminal activity because
that would lead to organised crime and I
would hope that university students aren’t
into organised crime.
Implementing radical changes to the
design of university networks
I think this is very important. Very often we
discuss how they can reduce the risk to their
network. It’s not just about bigger, better,
faster. It’s also about understanding risk and
historically, universities haven’t been risk-
averse – they’ve actually accepted quite a
high level of risk in the level of access they’ve
given students in open networks and sharing
of information. This assumes a trusted user
but unfortunately, that isn’t true. Universities
almost have to reassess it and question how
they protect themselves from inside and
outside threats. Many universities don’t
even know where their critical assets sit and
obviously with the standards of GDPR, they
must now protect this data and be aware of
its location and importance.
This information is worth a fair amount
of money on the black market, so
universities must understand the design. It’s
all about segmenting the network internally
and not just at the perimeter – this is a way
of modernising part of a university’s
data management.
Using technologies such as
AI to detect threats and
automate processes
I think you have to be honest about what
AI can do. I don’t like the term ‘Artificial
Intelligence’ because for me, if you take
the science fiction view of it, is not what
we do. What a lot of systems do today
is Augmented Intelligence and Machine
Learning. These technologies have a huge
part to play because of the lack of resources
and operational staff that these institutions
have. So, they can help them quite
dramatically. An area I’ve worked in for quite
some time is behavioural analytics. I’m not
looking at 95% of people, I’m looking at the
5% of people that do something different
and if I can do that and Augmented
Intelligence and Machine Learning can help
me, that’ll enable me to spot suspicious
targets. If I can see it, I can do something
about it. If I’ve got no visibility of it, I’m
never going to do anything about it.
Restructuring a university’s digital
environment to benefit the institution
I think it’s about efficiencies – using
technology in the right place and not
just throwing it at anything. Everybody
talks about Digital Transformation – in
government, in local government, in
universities – that must go hand-in-hand
with security transformation. Therefore,
when you’re restructuring the university’s
digital environment, you’re looking to get
people working on what’s most important. n
www.intelligentcio.com