• Wed. Nov 16th, 2022

3 Changes Driving the Need for Better Incident Response in Higher Education

ByElla E. Kidwell

Jun 24, 2022

For higher education institutions dealing with today’s sophisticated cybercriminals, the stakes are high: a successful breach can result in potential disruptions to student success; loss of private student, faculty and research data; damage to reputation; and even the risk of legal action.

Incident response programs help mitigate the impact of such events by enabling higher education institutions to act quickly and thoroughly in the likely event of a compromise. Many organizations already recognize the value of such a program, but in this global threat landscape, it’s impossible to be over-prepared.

LOCK YOUR DATA: Explore processes, solutions and services to strengthen your incident response program.

Here are three important reasons why you should consider adopting or expanding your incident response plans this year:

1. Ransomware attackers move quickly once inside your network

According to cybersecurity website Dark Reading, the median dwell time for all cyber incidents fell from 56 days to 24 days between 2020 and 2021. Although the drop is partly due to organizations’ growing ability to detect threats , the truth is much grimmer: The overall wait time has dropped dramatically because today’s ransomware stays on the network for an average of just five days before locking organizations out of their systems.

“It’s going so fast, so stealthily, that we don’t even have that much time to detect inconsistencies before we’re already locked down,” says Mikela Lea, CDW Field Solutions Architect specializing in security assessments.

The reduced time between system infiltration and the arrival of ransomware requests makes it even more critical that IT teams have a plan in place to respond to incidents as soon as an inconsistency is detected. This is especially true in higher education: Sophos’s “The State of Ransomware 2022” report notes that 64% of higher education respondents were affected by ransomware in 2021.

Click on the banner below for exclusive content on cybersecurity in higher education.

2. New mandates make incident response a broader priority

Cybersecurity insurance policies can reduce the financial impact of a higher education security incident. However, with the ever-increasing threat of ransomware and other attacks, insurance companies have become less willing to foot the bill for customers who fail to take precautions.

This reluctance can lead to one of two outcomes for organizations: their insurance companies may not provide coverage without certain proactive measures in place, or their premiums may increase.

For some organizations, these consequences have caught the attention of finance or other senior executives who had not previously been involved in security. This means that higher education IT professionals must be prepared to defend their incident response plans should they come under the spotlight with new stakeholders.

3. Evolving solutions require governance and security documentation

The pace of change within higher education also reinforces the need for formal security policies and procedures. For example, even before the COVID-19 pandemic accelerated cloud adoption and remote learning, institutions were constantly turning to digital innovations to drive student success.

Almost any technological change made by higher education institutions can affect incident response planning. CDW’s Lea notes that even if an organization is just switching vendors for student databases, it should have a clear governance framework in place. “Who will own it? How will it be managed? All of this needs to be documented in advance,” she says.

AVOID COMMON MISTAKES: Insufficient documentation is just one of the ways your incident response plan can go wrong. Learn about other preventable mistakes in CDW’s whitepaper.

Mergers and acquisitions, which are becoming increasingly common in higher education, represent another area where documented security policies and procedures are extremely important.

“We need to test these new environments before we add them,” says Lea, and a carefully designed and executed incident response program helps ensure nothing is left to chance.