U.S. citizens owe some $1.53 trillion in student loan debt, and that number continues to grow. However, an extra hidden fee students do not often account for is the cost of having their identity stolen in the event their school experiences a data breach. The personally identifiable information (PII) belonging to students can lead to identity theft which cost consumers more than $16 billion.
As an example, in 2018, there were 76 data breaches from education institutions affecting at least 1.4 million records. Threat actors continue to target higher education in 2019 as Oregon State, Graceland University and Missouri Southern University are examples institutions to be breached. In fact, hackers targeted the systems of 62 colleges by exploiting a vulnerability in an enterprise resource planning (ERP) web app.
Jacob Serpa, a researcher from Bitglass, discusses with Digital Journal how universities can effectively secure student data. Serpa shares the common mistakes and pitfalls that lead to data breaches.
Digital Journal: What are the hidden cost for students in terms of data breaches?
Jacob Serpa: Americans owe a tremendous $1.53 trillion in student loan debt, and that number continues to grow. However, an extra, hidden fee that students don’t account for is the cost of having their identity stolen in the event that their schools experience data breaches. According to the Consumer Sentinel Network, identity theft was the third most reported complaint to the Federal Trade Commission in 2018, causing consumers to lose about $1.48 billion.
Malicious actors can leverage the information students share with their universities (including Social Security numbers, names, home addresses, and birthdates), in order to steal airline miles, open utility accounts, or, if they sell said information on the dark web, to make a profit.
DJ: How often are data breaches reported in education? What are some significant breaches that have happened in 2019?
Serpa: According to findings from the Identity Theft Resource Center, there were 76 reported data breaches in education in 2018 – down from 128 incidents in 2017. Despite this massive, 40.6 percent decrease in the overall number of breaches, the number of records exposed per breach decreased only slightly – from 1.42 million in 2017 to 1.41 million in 2018. In other words, more records and people are now being exposed, on average, in each breach that occurs in education.
In April 2019, personally identifiable information (PII) belonging to 1.3 million current and former students, student applicants, administrators, and other staff was exposed at Georgia Tech. An unidentified outsider managed to obtain unauthorized access to one of the university’s databases. Other universities to suffer data breaches of PII in 2019 include Graceland University, Oregon State University, and Missouri Southern State University.
DJ: How can universities’ institutional and student data be better secured?
Serpa:The National Center for Education Statistics estimates that there will be 20.05 million students enrolled in degree-granting, postsecondary institutions in the U.S. during the Fall 2020 term. To protect the data of these students as well as student applicants, IT and security teams will need a security solution that can scale with their institution’s needs and can protect hundreds of terabytes of data – particularly in the cloud.
As organizations across all industries continue to migrate more data and operations to the cloud, they must ensure that they maintain a robust cybersecurity posture. According to Bitglass’ 2019 Cloud Security Report, this is primarily associated with defending against malware, reaching regulatory compliance, and preventing cloud misconfigurations (these were three of the top four security priorities that organizations have this year). Universities, in particular, must be able to adhere to various compliance frameworks, including the Federal Information Security Management Act (FISMA) and the Family Educational Rights and Privacy Act (FERPA), while keeping student, faculty, and institutional intellectual property (IP) secure. To accomplish this, visibility and control in the cloud are critical.
In light of the above, educational institutions have been turning to cloud access security brokers (CASBs) for their ability to secure mobile and personal devices, prevent data leakage, and control access to managed cloud applications like Box and Office 365. CASBs also enable regulatory compliance with mandates such as FISMA and FERPA.
Through 2023, at least 99 percent of cloud security failures will be the customer’s fault, according to Gartner. That is why Gartner also forecasts that 60 percent of large enterprises will use a CASB to govern some cloud services by 2022 – up from less than 20 percent in 2018.
DJ: How does Bitglass’ CASB differentiate from competitors?
Serpa:Bitglass offers end-to-end data protection for any app, any device, anywhere – without the use of agents. Bitglass is built to protect data in real time across the entire enterprise footprint, from SaaS and custom apps to IaaS platforms and beyond. The CASB provides comprehensive data protection, zero-day threat protection, robust identity and access management, and complete visibility wherever data goes.
Bitglass offers a wealth of advanced functionality, including file and field-level encryption, cloud security posture management (CSPM), agentless MDM capabilities, granular data loss prevention (DLP), Zero-day Shadow IT Discovery, the ability to turn any application read-only, user and entity behavior analytics (UEBA), and much more.
In 2018, Gartner ranked Bitglass as the number one CASB for applying consistent policies to all cloud services, and as the number one CASB for enabling secure, user-friendly mobility. Bitglass was also named a Leader in Gartner’s 2018 CASB Magic Quadrant.
