Research

Survey Hints at Cybersecurity Communications Gap

• By David Raths
• 11/01/17

Technology solutions provider CDW-G today released a cybersecurity survey that may indicate a communications gap between IT departments and students.

The company surveyed 250 higher education IT professionals and 300 students on cybersecurity issues, finding that 91 percent of IT professionals who have experienced a breach said they have communicated the news to the student body, yet just 26 percent of students surveyed said they are aware of any cybersecurity breaches at their college/university in the past 12 months. Furthermore, 82 percent of IT professionals said they require students to take IT security training at least once a year — but only 35 percent of students said the same.

"There seems to be a discrepancy between what is being communicated and how students are digesting that information," said Nicci Fagan, CDW-G's director of higher education. "This suggests that consistent communication and awareness has to be a part of their emphasis. We are talking to colleges and universities not just about measures around cybersecurity, but also how they are sharing that information with students consistently and using multiple channels to get to students."

In the survey, 60 percent of the IT professionals said they have experienced a data breach in the last 12 months, and 29 percent have experienced data loss. Eighty-one percent of students said their institution's ability to protect university and student data is very important, but 74 percent are concerned with the institution's ability to do so. Only 25 percent of students said that their college's cybersecurity training and educational efforts have been very effective.

Fagan said campuses should develop a multi-pronged strategy to communicate about cybersecurity. "You have to have multiple channels to get to students today," she asserted.

The survey also found that 76 percent of students admit to engaging in risky behavior, although that definition includes using public WiFi. Twenty-one percent admitted visiting risky or questionable websites. Seventeen percent said they had helped non-approved individuals connect to the network, and 13 percent said they had opened messages from unknown senders.

Jordan Cohen, a CDW-G college intern at Rutgers University (NJ), offered some student perspective on the survey: "University IT professionals work really hard to make sure data is secure, but if students don't know about it, or if they are apathetic or unsure, that work can be ineffective," he noted.

Cohen, who works in a computer lab at Rutgers, said more effort has to be made to help students understand their responsibility and increase their technology literacy. "I interact with a lot of students who can open Microsoft Word and surf the web, but they don't really understand how their computer works and what is risky and why. It is a matter of teaching safe computer usage earlier. We all learn to look both ways before crossing the street. A lot of that has to make its way into the tech world. It can't be something you learn for the first time when you are entering college."

Turning to efforts to protect networks, the survey showed some potential areas of improvement. Fewer than 50 percent of IT pros said their campus had done the following:

• Network segmentation (cited by 46 percent of respondents);
• Endpoint protection (45 percent);
• Remote access controls (44 percent);
• Advanced threat protection (43 percent);
• Regular effectiveness testing (42 percent); and
• Two-factor authentication (39 percent).

To improve cybersecurity, the report concluded, higher education institutions must close communication gaps around breach awareness, training and effectiveness, as well as improve compliance and put security fail-safes in place.