
Episode 604: Evaluating Data Breach Trends & Payments Security in Higher Ed
06/13/23 • 33 min
As higher ed institutions continue to implement more digital technologies, data breach tactics have become increasingly sophisticated. Universities and colleges process and store massive amounts of sensitive personal and payments data, which are increasingly the target of cyberattacks. On this week’s episode of FOCUS, Sean Davidson, Senior Manager of Security Solutions at Verizon, shares the latest trends in payment security and data breaches. Davidson also imparts wisdom on the best practices of cybersecurity that institutions can follow to keep data safe and under payment card industry (PCI) standards.
Verizon in cybersecurity?
On the surface, the correlation between Verizon, a telecommunications company, and cybersecurity might not be easy to make. However, Verizon has maintained dedicated cybersecurity services for 23 years. They offer security management and assessment services out of nine global security operation centers. Verizon was an original contributor to the PCI compliance requirements, offering primary forensic investigation (PFI) and qualified security assessor (QSA) services to companies so they can confidently validate that their environment is secure and PCI compliant.
Data breach investigations report (DBIR)
Verizon’s most notable contribution to the cybersecurity industry is the Data Breach Investigations Report (DBIR). It’s seen as the foremost authority on data breach investigations and reporting and is made up of data gathered by Verizon and 86 partners and industry experts. In 2022, the DBIR confirmed 5,212 data breaches out of the 23,896 security incidents reported under the DBIR’s framework. Davidson categorizes an incident as any time sensitive information is exposed, and a breach as any time that information is then exfiltrated to outside environments.
“We analyze that data, and we boil it down and come up with a view of the cybersecurity threat landscape that companies can use to better understand their threats, their attackers, their motives, and the defensive areas that they should bolster to help prevent impact from these attackers,” said Davidson.
The DBIR’s findings are published annually to the public, with 2022 marking the 15th publication.
Trends
In Davidson’s observations, ransomware is five times more likely to affect education. Ransomware typically refers to sensitive information being compromised and held for a financial ransom. Even if the company pays the ransom, they might not regain access to the data or the data could still be leaked. A human element drives 82% of these breaches, mostly through phishing — which is when a scammer pretends to be a credible person within the victim organization to gain access to protected data.
System intrusions are also a rising threat to higher ed institutions. A system intrusion is an instance of hacking through physical means or modems. This type of cyberattack can also take place due to miscellaneous errors like sending valuable details to a third party, leaving ports open on web applications, and other, sometimes human, mistakes.
Web application attacks have decreased across the higher ed sector, possibly due to cloud service adoption.
Protecting institutions
One best practice to protect institutions is to have a solid security program with a good security posture. Cybersecurity insurance is a necessity, especially in the event of a breach. Davidson believes hiring a cybersecurity advisor is on the list of best practices to aid in cases of ransomware or phishing.
Zero-trust environments are quickly becoming a proven safeguard against cybersecurity breaches. These environments are created by sharing data under need-to-know authorization. This reduces the amount of access given to data sets, limiting potential leak opportunities.
Moving logins to two-factor authentication adds an extra layer of protection to accounts. This second step of identification could be as simple as a security question, or verification codes sent through text, email, or a phone call.
Although the threat of cyberattacks never goes away, putting these best practices into action and being vigilant of system weaknesses can make all the difference in security.
Resources from episode:
Data Breach Investigations Report (DBIR) is available to download for free from Verizon: https://www.verizon.com/business/resources/reports/dbir/
Payment Security Report (PSR) is available to download for free from Verizon: https://www.verizon.com/business/reports/payment-security-report/
Contact Sean Davidson at [email protected]...
Previous Episode

Episode 603: Unifying Student Services into a One-Stop Shop with Portland Community College
During this week’s episode of FOCUS, Fredderick Simmons discusses how Portland Community College (PCC) is bringing together siloed services to create a powerful one-stop shop for student success. Simmons is the Student Account Services Manager, overseeing PCC’s relationships with Ellucian Banner and TouchNet. Since PCC’s recent administrative reorganization, the school has put bettering student services at the top of their priorities with the “One Together, Together One” model. Simmons shares insights on the model and what steps PCC has taken towards greater student success.
Unified for better student services
Portland Community College serves students across four campuses in the Portland area. Until recently, each campus operated under its own president and budget, reporting to the district president. To create a unified student experience, PCC restructured to bring the four campuses under the leadership of one president, currently Dr. Adrien Bennings.
PCC has since adopted a “One Together, Together One” model to re-engage and reshape their community. The initiative takes an all-hands-on-deck approach to support student success, extending to all departments, including student accounts services, financial aid, enrollment, and more.
“You want to make sure that students are prepared in the classroom, and it's our job and our responsibility to make sure that they are financially settled outside of the classroom,” says Simmons.
On-site flex schedule
Part of PCC’s new ideology extends to staffing. The institution wanted to find a way to serve students the best they could, while allowing faculty to have a hybrid work environment when possible. The answer came in the form of on-site flex scheduling, which uses account service data to identify three peak weeks each semester where students need increased on-campus faculty presence. The data showed the days and weeks that saw the most in-person student visits and made it possible for PCC to confidently maintain in-person office hours Monday-Thursday, while being remote-only on Fridays. Students are able to have their questions answered in person when they need it most, while faculty can enjoy a hybrid workplace outside of those three weeks.
Zoom Rooms
Staying true to PCC’s new model, the way the institution communicated with students in need of help also needed an all-hands-on-deck update. As Simmons puts it, students want instant service. With Zoom Rooms, students can reach out to chat during business hours for immediate aid. Account service providers can then get on a Zoom call with students or transfer them to another department without having to start over with the chat’s archive function.
A resource beyond payments
The student accounts team at PCC is also focused on serving students beyond taking payments. Simmons shared their vision is to be more involved during student orientation to provide educational resources on financial management skills by coaching students on budgeting and financial responsibility. Additionally, he hopes to better serve their ESOL students by considering the makeup of the student population while staffing the department.
Looking forward
As PCC continues to evolve their one-stop shop, Simmons is also excited about implementing TouchNet’s newest solution, Student Account Advisor. This tool will further advance the one-stop shop mentality in the Answer Center by retrieving student account data regardless of which department it’s stored in, so staff can have all the information they need to advise students successfully. Simmons believes the tool will break down barriers that both students and faculty experience, creating a better process.
Simmons also shared what’s next for the institution. Currently, the enrollment and orientation processes are being re-imagined to be more hands-on so students have more access to staff. Overall, Simmons says the school wants to be more mindful of the population they serve and strategize how to eliminate barriers in enrollment so more students can have the experience of “One Together, Together One.”
Special Guest: Fredderick Simmons.
Next Episode

Episode 605: Unlocking the Entrepreneurial Spirit on Your Team
With all the high-tech innovations coming to campuses, it’s easy to overlook the need for a human factor in the spirit of transformation. Joe Abraham, operating partner at Beyond Academics, recently joined the FOCUS podcast to weigh in on how to encourage innovation by understanding teams through the lens of entrepreneurship. Abraham is also the author of Entrepreneurial DNA, which explores four entrepreneurial archetypes, and shares how each applies to higher ed. By understanding your team’s entrepreneurial DNA and building a team strategy with those strengths in mind, Abraham says we can see that the real key to innovation in higher ed is not technology, but the human factor.
Beyond Academics
As Abraham explains, Beyond Academics operates in three parts. The first is research and development into what the future holds for higher ed and how entrepreneurial behavior will affect the college enterprise. From the conclusions found in this research, Beyond Academics consults campuses in need of help developing and executing new strategies.
“What we try and teach schools is look, figure out who you are, who are your people, and let's build strategy around you. Rather than trying to be someone you're not,” says Abraham.
The final component of the operation is finding innovative tech companies to invest in and bring into Beyond Academics’ partner program to advocate for in the ed-tech space.
Entrepreneurial DNA
In Abraham’s book, he uses the BOSI model to categorize the four types of entrepreneurial DNA present across all people. This breaks down into having builder, opportunist, specialist, or innovator traits. He applies the BOSI model across institutions to gain a better picture of higher ed’s entrepreneurial makeup.
Builders are focused on scaling a business fast and account for around 15% of staff in higher ed. Success for them is measured by infrastructure — which when applied to higher ed, could mean payroll and available square-footage on campus.
Opportunists make up around 6% of people in higher ed and are money motivated. They tend to take high risks for high rewards and are natural promoters for what they are passionate about.
Specialists are the most common in higher ed and found in 58% of staff. They are experts at what they do, consistent, and work hard to build a reputation for their institution. Specialists are the opposite of opportunists.
Lastly are innovators, who are driven by a mission or purpose and the inverse of builders. They want to change their industry and see how their work impacts people. Innovators make up 21% of higher ed staff.
DNA for greatness
There are three principles for how a campus’ entrepreneurial makeup can be applied to strategy: individually, at a team/management level, and institutionally. Communication is key to create success at all levels. Abraham finds that grouping opposite DNA types can create a balance of behaviors in team dynamics. Each type has its strengths, which can be the perfect complement to another type’s weaknesses.
Know your archetype
Abraham’s BOSI assessment is available for free, or for a small fee for team use. With these DNA types, institutions can learn how to set their teams up for success, which in turn will set a solid foundation for encouraging innovation.
Learn more about BOSI here: https://www.youtube.com/watch?v=_gYe7KlqFMo
Get a copy of Entrepreneurial DNA here: https://www.amazon.com/Entrepreneurial-DNA-Strengths-Successful-Business/dp/0071754512
Special Guest: Joe Abraham.