← Back to portfolio

Universities face unique IAM challenges

While lecturing about the necessary evil that is the business end’s impact on the news industry, one of my journalism professors informed my class that “If it bleeds, it leads.” She was, of course, hyperbolically describing the unfortunate sensationalism necessary to sell papers (online subscriptions?), as not every headline (thankfully) requires arterial splatter. A more accurate phrasing would have been “If it’s sexy, it leads,” but that lacks that certain required panache permeating both news reporting, and apparently, teaching.

When reporting something that’s already dry, say, cyber security, it’s not hard to understand why journalists tend to focus on data breaches at big name corporations or compromised credit cards numbers. The average consumer cares more about the occasional Apple slip-up or whether they might need to cancel their Visa cards than hacks at a South Korean television station or the theft of a university’s intellectual property. A breached Burger King Twitter account now praising two all beef patties on a sesame bun is more entertaining, and in turn, sexier.

But this, dear reader, is why I have a job–-to champion the data breaches that aren’t splashing the front page of The Wall Street Journal. One such under-reported trend is the meteoric rise of hackers targeting America’s premier colleges. Unlike previous posts in this blog that make mention of universities leaking the usual information (Social Security numbers, bank info, etc.), academia is experiencing a data loss unique to its hallowed halls; namely, the theft of intellectual property and research that is then being used to “aid in a range of activities, from product development to terrorism.”

Top universities, including the University of North Carolina-Chapel Hill (UNC) and Duke University (the schools that a certain blogger couldn’t get into after spending much of high school “studying” the effects of alcohol first-hand rather than taking his health teacher’s word on it) are now the targets of sophisticated cyber criminals. And universities have no idea how to stop it.

“We’ve put all these things into place that have made us more secure, but while we’re doing that, the bad guys are working faster and we’re struggling to keep up,” said Ramon Padilla, deputy chief information officer and interim information security officer at UNC. “They just have more manpower. It’s a tough fight. If you meet anyone who says they’re ahead, let me know.”

One of the most telling statistics is that UNC now blocks 87 million unwanted connections to its network per week, which is up from the 30 million attempted breaches reported just three years ago. Both UNC and Duke say that the majority of this unwanted traffic originates from Russia and China, so this isn’t just lazy students hoping to avoid purchasing a few texts books or secure a few answers to upcoming midterms. It’s much more malicious, and all it takes is one to sneak by campus defenses.

Again, I don’t want to fall in the same hyperbolic trap my former professor warned against, but there exists the very real fear that this cutting-edge research is aiding terrorism. Shouldn’t that be front page news? Shouldn’t, at the very least, universities consider a strong Identity and Access Management (IAM) platform designed to automate user access and secure their most vital information?

I could try to write a nice zinger here, but Newsobserver.com summed it up perfectly: the differences between universities are “those who have been hacked, and those who have been hacked but don’t know.”