Who's The Best Of The Worst On Cybersecurity? Academia.
When I read the above article, I had to smile. It took me back to my cyber crime investigation days working on a distributed denial of service (DDoS) attack case. The investigation pointed to a server located in a local university. Wow! You cannot imagine how difficult it was, in California no less, to get the university to do anything about the issue. Eventually, when I tracked the IP address and the university determined no detrimental harm would be done by taking the server offline, the DDoS stopped, and the victim was very happy with the FBI!
Academia is a place for education, and everyone comes together in an open environment to share and make the community better. Uh huh, and historically no real thought is given to security and gasp …. restricting things. The average college or university has student and parent info, i.e. names, address, dates of birth, social security numbers, grading info, medical records, credit card numbers, etc. and hackers always go after the weakest link, so colleges and universities are huge targets.
So why is it that a college that offers cyber security education, not practicing what it is teaching? Well I recall interviewing for a CISO role at my undergraduate alma mater and lets just the salary wasn’t even close to market value. Talent would be one. But I never understand why there is so much trepidation to have students secure their own network. Given appropriate guardrails through oversight a university could get free labor. Just think, start them off freshman year, building analyst skills then by senior year they are hunters. That would solve the problem of students not being prepared to enter the workforce and universities being poor at cyber security. Given some thought and planning it really could work!