What's on Your School's IT Threat List?

• By Bridget McCrea
• 10/24/08

The Georgia Tech Information Security Center (GTISC), a national leader in information security research and education, recently released its Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year. In it, the GTISC forecasted five key cyber security areas where threats were expected to increase and evolve.

To find out what the organization thinks about cyber security for higher education institutions, we interviewed its director, Mustaque Ahamad. Here's what he had to say.

Campus Technology: Off the top of your head, what were the most significant findings of this report?

Mustaque Ahamad: Namely that the threats are growing in sophistication and becoming more and more difficult to detect. It's also getting harder to figure out exactly what they are, be they malware, botnets, or viruses. Additionally, with the increased usage of smart phones and other devices--many of which now store sensitive data--we're seeing threats migrating to those types of platforms. Finally, we have picked up on the fact that many of the criminals are doing this to make money and, as such, are creating entire business models that exploit the technology of individuals and institutions.

CT: How vulnerable are higher education institutions at this point?

Ahamad: Typically they work with more open environments, and they also have tons of resources that are very attractive to people on the "other side." Criminals who control a lot of machines that do botnets, for example, must look for a high number of machines to attack. Many of those machines can be found on college campuses, which again are usually using open environments that are stocked with resources. For example, many of these crimes are data-driven right now, with criminals going after the identity information, credit card data, and so forth that many schools maintain on their students and faculty.

CT: What threats are at the top of the list for administrators?

Ahamad: Those in the academic setting should be most concerned with botnets and malware, the latter of which can compromise your machines, while botnets basically "change" those machines into resources that hackers can use to commit crimes.

CT: How is higher education dealing with these threats?

Ahamad: For starters, universities need to make sure their machines are clean and not being used in this fashion. They also need to use education, awareness and policies that apply across the entire institution. It's about educating the individuals who own and use the IT [resources] and showing them how they should be managed in the most secure fashion. The good news is that students tend to be pretty tech-savvy these days and can often serve as the eyes and ears for the department or unit that creates and administers those policies. Nothing is going to make a university system 100 percent secure, but it's about doing your best.

CT: What's around the next corner?

Ahamad: We are constantly surprised by the creativity of the people who represent the various cyber threats that are out there. There is more to come, and the trend is really elevating security as a major responsibility and role for institutions of higher education, which must not only handle current threats but also be proactive about warding off potential threats by having in place well defined security policies.