Skip to main content

Cybersecurity And Higher Ed: The Challenges

(Image credit: Unsplash: Taskin Ashiq)

Curtis Carver is Vice President for Information Technology and Chief Information Officer at the University of Alabama at Birmingham, and a member of T&LU’s advisory board. He has spent decades in higher ed IT, including stops at the University System of Georgia and West Point.

In the second installment of this three-part series, he discusses the challenges higher ed leaders face when it comes to cybersecurity.

Part 1: What You Need to Know

Part 3: Practical Advice

So what are the biggest challenges that higher ed leaders currently face when it comes to implementing the protections that will best defend their institutions from digital threats?

1. Doing risk calculation

What do I prioritize first? With all the threats out there, it can be very daunting.

2. For research universities, be aware of compliance with granting agencies

If you’re going to do research, not only do you have to implement additional security standards, but the granting agency may send an evaluator to your campus to evaluate your compliance. And how you score on that evaluation affects which grants you can apply for. 

3. Finding a proper balance

We’re in a heavy threat environment, and that environment is smart, and it will continue to mature and grow increasingly sophisticated. As that’s occurring, you have to have countermeasures in place.

For example, we had a distributed denial of service (DDoS) attack last year; we successfully defended against it. The attacker then morphed their approach, and because they could tell we were being successful against it, they morphed again, requiring that we counter again. From a user perspective, no one knew this kind of fight was taking place because we were able to shield them, but for us, it was a two-month battle with a combination of technology and policy. 

On the positive side, we were able to stop it; if this attack had happened in 2015, we would’ve been down for two months. But because of our investments, no one even noticed we were under this significant attack. We’re a university healthcare system--we can’t go down an hour, let alone two months.

So preparing and conveying to senior management the need to prepare. You have to be on the front edge of the curve or you’re just crushed.

In Part 3, Carver offers some practical advice regarding cybersecurity for higher ed institutions.