At Trend Micro, we’re constantly learning from our customers; from the challenges they’re facing to their strategic security postures, they each hold a treasure trove of hard-earned wisdom. In an effort to share some of this wisdom, we’ll be interviewing some of our most noteworthy customers for a new blog series we’re calling “Five Questions.”
In this series, we’ll address the same four questions with each interviewee to gain their perspective on their industry’s unique challenges, security issues and advice for their peers. We’ll also throw in a bonus question that’s specific to each customer’s unique experience and history.
We’re proud to launch this series with David Shipley, Director of Strategic Initiatives, Information Technology Services, at the University of New Brunswick. In his experience in higher education, David has observed significant challenges that remain mostly unmet by the sector as a whole. At UNB, he’s continuing the university’s legacy of IT innovation by facing today’s cybersecurity threats head-on.
TM: What are the most significant issues facing your industry?
DS: Higher education is mature market where prices continue to outpace inflation and in Canada, demand is plateauing in most areas or in our region, declining due to population loss. There is intense competition for the best and brightest students, faculty and staff, and at the same time, tight or even falling operational budgets due to gaps in public funding for many institutions. Finally, disruptive technologies such as massively open online courses (MOOCS) such as iTunesU and more, undermine the value proposition once held by universities and colleges.
Higher education institutions with strong brands and reputations will weather these coming changes in the education industry relatively well; those whose reputations are not as strong, or whose reputations are undermined, will face increasing challenges.
TM: What role and significance does information security play in facing those issues?
DS: People trust universities and colleges to protect the massive amount of personal information they share with it – from address and personal data to grades, health and more –higher education is an identity thief’s dream target. Changing the culture around information security from one that is currently far too lax is imperative. According to recent data gathered by higher education IT industry association Educause, a university or college is breached every week, with the largest single factor for such breaches falling in the hacking/malware category (36 percent). Last year alone, hundreds of thousands of student, faculty and staff records were exposed at several major U.S. institutions, including a repeat breach at the same institution.
I believe data breaches result in a definite reputation cost for institutions that goes far beyond the costs associated with investigation, forensics, legal fees and identity protection coverage. I also believe repeated data breaches will be toxic for institutions trying to compete in higher education.
TM: How do you think your industry is doing as a whole in addressing those issues?
DS: Our industry is doing poorly addressing these challenges, but with increased regulatory and public scrutiny over data breaches, particularly as a result of large private-sector breaches such as Sony, Target, Home Depot and JP Morgan Chase, I believe there will be increasing pressure to change.
TM: Based on your experience, what would be your advice for your counterparts in other organizations in your industry?
DS: My advice is to consider the long game. Having been on the front lines of IT security for more than two years now, I know the temptation to get lost in the tactical side of the business in investigation and closing down security holes and incidents.
But it’s too easy to lose the forest for the trees and constantly reacting to threats always puts us behind our opponents, who range in sophistication from script kiddies to organized cyber criminals to state-sponsored advanced hacking teams.
We need to re-invent our networks and overhaul our culture when it comes to IT security. That’s why our security team is focusing its efforts heavily in developing a multi-year strategy to invest in the right technologies that will work together to rapidly identify threats and take as many automated steps as possible to respond as quickly as possible to such threats.
While we are exploring technologies such as next generation firewalls, advanced network controls and virtual private networking tools, anti-virus and network malware labs, we’re also putting in place a more rigourous policy environment that will support the use of such tools and that will help drive behaviour change campaigns.
TM: UNB has a long history as a technology leader in higher education; how does this history impact your present technology strategy?
DS: As the birthplace of QRadar, UNB was one of the first institutions to recognize that the scale and complexity of IT security threats required increasing automation to detect incidents and identify issues.
Today, we’ve enhanced out use of the qRadar security intelligence and event management (SIEM) platform by feeding it malware threat data gathered by Trend Micro’s sophisticated Deep Discovery tool. Our next leap forward will be to integrate these tools with the other critical security assets we need to leverage to find and respond to threats faster. We need these tools to effectively combat a threat environment that sees more than 150 devices compromised by malware at any given time, that also sees more than 80 attempts a second to breach out network using remote intrusion technologies and that see more than 360,000 attempts a week to recon our network for software vulnerabilities and exploits. In short, we need increasingly machine-speed security responses to machine-speed threats.
The challenge is, of course, that these types of major security investment and culture change initiatives take time – but the threat environment continues to grow and evolve. However, given the alternative of fighting a continuously losing battle with our current posture, it’s the best possible approach.
Attend the webinar: How UNB is using policy, practice and technology to enhance cyber security
April 7, 2015 at 12:00 p.m. ET
To learn more about how UNB protects their IT environment with Trend Micro and IBM QRadar SIEM, visit: http://cloudsecurity.trendmicro.com/us/technology-innovation/customers-partners/university-new-brunswick/.
To see more of David’s insights on cyber security and more, check out his LinkedIn author page: https://www.linkedin.com/today/author/13706832.
About the University of New Brunswick
The University of New Brunswick (UNB) is one of Canada’s oldest English-language universities and one of the first public universities established in North America. Founded in 1785, the multi-campus institution is home to over 60 research centres and institutes, groups and ongoing projects. The university offers over 75 undergraduate and graduate programs in 100 disciplines. UNB has over 10,500 students from more than 100 countries, and several thousand more take UNB courses online and at partner institutions around the world. – See more at: http://blogs.unb.ca/newsroom/2014/12/19/new-brunswick-childrens-foundation-provides-gift-for-university-of-new-brunswick-and-mount-allison-research/#sthash.QHSHDQJT.dpuf