VERONON HILLS, Ill. – A recent study indicates that 58 percent of college and university IT directors reported at least one security breach in the last year. Nine percent reported a loss or theft of student personal information; More than three million students nationwide could be affected.
CDW Government Inc. a wholly owned subsidiary of CDW Corporation and source of Information Technology (IT) solutions to governments and educators, announced Oct. 10, in conjunction with Eduventures, the results of the CDW-G Higher Education IT Security Report Card 2006 – a survey of 182 higher education directors and managers across the United States.
The study reveals that 58 percent of surveyed higher education directors/managers experienced at least one IT security incident in the last year. Nine percent reported a loss/theft of personal student information. With an average of 4,097 students per institution in the United States, more than three million students could be impacted by loss/theft of their personal information.*
“Without question, IT security is an issue that everyone in higher education needs to take seriously as institutions continue to experience security breaches at a high rate, putting valuable data resources and personal identity information at risk,” said Stan Gatewood, chief information security officer for the University of Georgia. “The CDW-G Higher Education IT Security Report Card takes an important look at the very real challenges higher education IT directors and managers face – and what it will take to overcome them – as they strive to improve IT security at our nation’s colleges and universities.”
Given the number of incidents at American colleges and universities, IT security continues to be a big concern on higher education campuses. An overwhelming majority of respondents (84 percent) rated IT security within their top five priorities. However, their administrations do not necessarily regard it with the same sense of urgency. Fewer than half the respondents report that their administrations make IT security a top-five priority. IT directors/managers cite “lack of funding” and “too few staff resources” as the biggest barriers to improving IT security on campus. As a result, only 11 percent of respondents state that their networks are “very safe” from attack. Respondents are most concerned about the amount of sensitive data residing on unprotected computers, rating these assets as their greatest security risk.
“Our higher education institutions have always placed a high value on protecting the safety of their students, faculty and facilities. Today, that extends into protecting an ever-expanding volume of personal and institutional data, as well as a growing number of networked devices, from increasingly sophisticated security threats,” said Julie Smith, director of higher education for CDW-G. “Our second annual survey found that while higher education IT directors recognize IT security as a major priority, they are stretched thin for the vital resources they need to prevent a devastating loss of critical data.”
The Grades
IT directors/managers rate the support for IT security that they receive from their executive administration, faculty and students:
- Administration earns a “B”: Ninety-three percent of respondents state that the executive administrations at their schools are supportive to extremely supportive of IT security initiatives. However, respondents cite “financial commitment” and lack of “funding for training programs” as barriers with this group
- Faculty earns a “C”: Twenty-eight percent of respondents state that faculty are not supportive of IT security initiatives. “Lack of awareness” and the “expectation that exceptions will be made for individuals” are the biggest challenges
- Students earn a “C”: Thirty-one percent of respondents report that students are not supportive of IT security initiatives. Respondents cite “lack of awareness” and a “disregard of rules/policies” as the major roadblocks with students
“Lack of awareness among students and faculty is a major challenge as higher education institutions try to improve IT security on campus,” said Catherine Burdt, senior analyst for Eduventures. “Part of the perceived lack of support on campus can be attributed to the fact that computer users are not aware of IT security policies. Institutions should consider boosting funding for security training and awareness programs.”
Financial Support for IT Security
Though IT directors/managers state that IT security is a major priority and that their administrations are supportive, 97 percent report that one quarter or less of their IT budgets go toward IT security.
The vast majority of respondents (81 percent) feel that the budget allocated to IT security is less than what is needed. In addition, 68 percent report no growth in their IT security budgets this year compared to the previous year.
CDW-G Recommendations
CDW-G recognizes that the solutions to the challenges raised in its survey are complex and require in-depth analysis. However, CDW-G recommends that higher education institutions initiate a dialogue between the appropriate departments on campus to consider the following recommendations:
- Present formal business cases to administrations when seeking budgetary increases for security enhancements
- Examine the total financial impact of a major security breach – costs associated with technology, downtime, staff time spent on recovery, communications, legal action, etc. – to make the business case for additional funding
- Improve authorized access policies to reduce outside threats to networks
- Manage and monitor the increasing number of devices hooking up to the network – potentially investing in technologies like network access control
- Boost funding for security training and awareness programs, and make them mandatory for all network users
Methodology
The CDW-G Higher Education IT Security Report Card findings are based on an online survey of 182 higher education directors and managers from a variety of higher education settings – from large research institutions to small community colleges. The study has a +/- 5.5 percent margin of error at a 90 percent confidence level. Visit www.cdwg.com/higheredsecurity for more information about the survey results and a complete analysis. For more information about CDW-G , call (800) 863-4239, or visit the CDW-G Web site at www.cdwg.com. For more information about Eduventures, visit www.eduventures.com.
* 1105 Media, Inc. estimates that there are approximately 10,000 higher education IT directors/managers in the U.S. Assuming that each survey respondent represents a unique institution, the total number of institutions impacted by a loss/theft of student data nationwide is approximately 900. Federal government data indicates that there is an average of 4,097 students at each higher education institution, as there are 17,272,000 enrolled postsecondary students and 4,216 postsecondary institutions in the U.S. (Source: U.S. Department of Education, National Center for Education Statistics).
_________________________________
Release by CDW-G and Eduventures.