The Difference Between Cleaning Up and Growing Stronger After a Disaster
With a constant onslaught of cyberattacks, massive amounts of incoming data to protect and billions of dollars on the line, colleges and universities face a never-ending stream of risks. As institutions focus on remaining financially viable amid falling enrollments, it’s never been more critical to maintain stability and remain operational. A single breach, after all, can financially hobble an organization, costing not only money but the trust of its stakeholder community.
For organizations of all types — including higher education — concerns about business continuity are hardly new. “We have long done work around continuity and recovery,” says Wolfgang Goerlich, an advisory CISO with Cisco’s Duo Security. “We take a series of actions to ensure we can continue. We move on to different services. We move into new facilities. We switch applications, we switch processes.”
These actions are important, Goerlich continues, so that “in the event of a disruption, we can recover the organization and continue providing services. But recently, there’s been a shift toward focusing on resilience, which looks at more than continuity and recovery. The goal of resilience is not only to respond to an event, but also to emerge from that event in a better posture and a better position than before.”
Cyber-Resilient Institutions Need Executive-Level Support and Resources
The most cyber-resilient colleges and universities tend to have certain factors in common, particularly in how they prioritize and attend to security.
Weaving cyber resilience into an institution’s strategic fabric effectively and successfully requires a top-down, unified approach. “It tends to be much more successful as a program,” Goerlich says. “In higher education, there are a lot of competing goals. There are a lot of services that need to be provided to students and faculty. Resilience has to be a goal at the top level so that security teams can get the buy-in, the support and the coverage we need to implement programs that get results.”
Fortunately, Goerlich says, higher education leaders seem to agree. In a 2022 security survey of technology executives across all industries, 96 percent of respondents agreed that security resilience, in particular, is top of mind. Complicating things, he says, is a lack of consistent budgeting — a reality that makes leadership buy-in all the more important.
“There’s never enough budget, there’s never enough time, there’s never enough resources,” Goerlich says, “which is why it all starts with priority and executive-level support.”