IT security beset by under-funding.A YEAR AGO IN THIS SPACE I WROTE about the results of a security survey conducted by CDW-G CDW-G CDW - Government (formerly Computer Discount Warehouse - Government) , which highlighted the concerns of university network administrators. The survey examined the support IT directors received from various campus groups--students, faculty, and administration--to pinpoint causes of resistance to implementing security programs. Chief among them was a lack of funding to adequately secure networks. Have things changed much in a year? Short answer: no. Longer answer: Security is the top priority for IT administrators, yet their frustrations in safeguarding networks persist. Security breaches that put valuable data resources and personal identity information at risk are a continuing problem in higher ed institutions, despite increased efforts to combat them. In fact, USA Today USA Today National U.S. daily general-interest newspaper, the first of its kind. Launched in 1982 by Allen Neuharth, head of the Gannett newspaper chain, it reached a circulation of one million within a year and surpassed two million in the 1990s. reported in August on 109 computer-related breaches at 76 schools in the preceding 18 months. And this year's CDW-G survey, conducted in conjunction with Eduventures, underscores the seriousness of the issue. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the survey (available at www.cdwg.com /higheredsecurity), 58 percent of respondents In the context of marketing research, a representative sample drawn from a larger population of people from whom information is collected and used to develop or confirm marketing strategy. said they experienced one or more security incidents in the last year. Thirty-three percent of that number reported lost, stolen, or exposed data. Moreover, 9 percent reported a loss or theft of student personal information, and 5 percent reported a loss or theft of faculty personal information. Interestingly, the report indicates that, of those reporting security breaches in the last year, the greater danger is not from the outside. "The majority of attacks come from within," says Stan Gatewood, chief information security officer for the University of Georgia Organization The President of the University of Georgia (as of 2007, Michael F. Adams) is the head administrator and is appointed and overseen by the Georgia Board of Regents. . Eleven percent of those reporting intrusions in the last year say the attacks came from within the institution and resulted in data loss or theft, compared with eight percent who reported data loss or theft from an outside attack. These inside attacks come from students testing their hacking See hack and hacker. skills or from computers that have been "owned" (hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. slang for compromised) and which can act as remote launch pads for attacks, Gatewood says. Just 11 percent of survey respondents say their infrastructures are "very safe" from attack, while more than half (51 percent) believe they are "moderately safe." Gatewood suspects those numbers don't tell the whole story. He thinks it's likely a segment of those reporting safe networks fall in the category of "saying they're safe because they just don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. whether they've been attacked, or they don't want to report it." It's not that security isn't an overriding (programming) overriding - Redefining in a child class a method or function member defined in a parent class. Not to be confused with "overloading". concern of IT administrators; in fact, a significant majority of respondents (84 percent) to the CDW-G survey named it in their top five priorities. But, they claim, their administrations do not necessarily regard network security with the same sense of urgency. Fewer than half of the respondents report that their administrations make IT security a top-five priority. IT directors cite "lack of funding" and "too few staff resources" as the biggest barriers to improving IT security on campus. Often, the choice comes down to money, Gatewood says. "They have to weigh the options: Do you keep all your services like e-mail, WebCT, Banner, and so on, up and running, or do you give me a million dollars to try and prevent something that may or may not happen?" Too bad. It shouldn't be a choice anyone has to make. Write to Tim Goral goral an intermediate type between goat and antelope. Look, smell and climb like goats but have wide muzzles like antelopes and are not bearded. Called also Naemorhedus spp. at tgoral@universitybusiness.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion