AI Dominates Key Technologies and Practices in Cybersecurity and Privacy
AI governance, AI-enabled workforce expansion, and AI-supported cybersecurity training are three of the six key technologies and practices anticipated to have a significant impact on the future of cybersecurity and privacy in higher education, according to the latest Cybersecurity and Privacy edition of the Educause Horizon Report. The report pulls together insights from 39 expert panelists from around the globe to highlight important trends, technologies, and practices today and envision future scenarios for colleges and universities to prepare for.
They key technologies and practices identified in the report were:
AI Governance. "Unless AI governance is in place before new tools are adopted, institutions risk exposing themselves to cybersecurity threats, infringing on end users' privacy, reinforcing systemic inequities, and violating the complex web of data-related regulations," the report warns. Recommended actions include learning what AI is and how it works; getting ahead of technical debt; establishing a generative AI safety and security committee; and providing all stakeholders with AI-related cybersecurity and privacy training.
Supporting Agency, Trust, Transparency, and Involvement. "Cybersecurity and data privacy can only be protected when individuals are fully informed and empowered," the report asserts. Educause recommends a number of actions cybersecurity professionals can take to build positive relationships with users: Create a standing privacy advisory group; communicate with users regularly; provide users with the ability to track their institutional data; create or revise professional development resources for cybersecurity and privacy professionals; and balance user expectations with reality.
Focusing on Data Security Rather than the Perimeter. In today's digital world, it has become near impossible to define an institution's IT perimeter, the report points out. The increasing reliance on cloud services and third-party software continues to blur the border between an organization and the outside world. "Though protecting the institution's perimeter is still important, focusing on an ill-defined or shifting perimeter opens an institution to a false sense of security," Educause explains. "Regardless of where or how an institution's data are stored, they must be protected," making a data-first approach to cybersecurity and privacy essential.
AI-Enabled Workforce Expansion. Cybersecurity and privacy staff can be supported by emerging AI-powered tools, either for training/upskilling or for streamlining routine tasks, the report suggests. However, "new skills will be needed, at the very least to understand and respond to increasingly advanced AI-enabled cyber attacks."
Privacy-Enhancing Technologies (PETs). As defined by Educause: "PETs help organizations use data to make decisions or offer services while improving privacy compliance, ethics, and trust with stakeholders." These technologies often use data collection and processing practices such as encryption, differential privacy, and synthetic data generation to anonymize or limit exposure of personally identifiable information, the report explained.
AI-Supported Cybersecurity Training. Advancements in generative AI make it possible to develop focused, role-specific cybersecurity training for a variety of users in higher education, the report notes. Beyond creating personalized learning experiences, "training designers can leverage AI to analyze internal cybersecurity incidents, integrate insights from other institutions' experiences, and prioritize training topics according to risk profiles." Still, concerns remain around human oversight, environmental impact, and other challenges.
The full report is available here on the Educause site.
About the Author
Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].