Opinion: Defining a Strong Cybersecurity Ecosystem for Higher Ed

Cybersecurity has long been a top priority in higher education, and that's not likely to change in the years ahead. With budget cuts and shortfalls on the horizon, coupled with the challenges of recruiting and retaining the best cybersecurity talent, having a well-thought-out cyber strategy will be critical for college and university IT leaders. To develop such a policy, I summarize best practices with four Ps: protect your campus, prove the system works, promote it to your entire client base, and partner with a vendor who you can trust and advocate for your objectives.

CYBER STATISTICS

Cyber attacks come in many forms, including insider threats, malware, botnets, phishing, DDoS or denial of service, ransomware, and also advanced persistent threats, which occur when an unauthorized and undetected entity invades a system over a lengthy period of time. About 90 percent of cyber-related incidents are still due to human error via weak passwords, phishing emails or social engineering. The cost for cyber-related attacks continues to skyrocket, with global business losses expected to reach an estimated $10.5 trillion this year, according to a 2020 report from Cybersecurity Ventures. To get a sense of how much $1 trillion looks like, a stack of 1 trillion $1 bills would measure 67,866 miles. Multiply that by 10.5 times and you’ll get a visual sense of projected cyber losses for 2025, which is almost unimaginable. That's to say nothing of new, even more dangerous cyber attacks brought to our institutional doorsteps by emerging technologies.

EMERGING CYBERSECURITY TRENDS

New trends in cybersecurity are unfolding, particularly relating to generative artificial intelligence (GenAI), digital decentralization and regulations. Coupled with the inability of many institutions to secure adequate professional IT staffing, these trends portend major cyber challenges ahead. While IT leaders have traditionally emphasized protecting our data and databases, a recent report from the research firm Gartner pointed out that GenAI is moving our security toward “protecting unstructured data — text, images and videos.”

In addition, Gartner reported that an increasing reliance on cloud services and automation has led to “prolific use of machine accounts and credentials for physical devices and software workloads. If left uncontrolled and unmanaged, machine identities can significantly expand an organization's attack surface.” That makes consistent use of inventory device management tools imperative. And while AI tools can be used to protect our institutional systems, they require human interaction and interpretation to control for false positives or other errors or hallucinations. They can also be used for nefarious purposes, empowering criminals to infiltrate and attack.

TRANSPARENCY HELPS INSTITUTIONAL BUY-IN

A challenge at some institutions is that senior faculty and researchers are wary of security controls being too restrictive or intrusive to their work. However, as more cyber breaches have occurred, faculty in many cases have quickly recognized the real danger of losing their research, having it stolen or corrupted by cyber attacks. One of the keys to having institutional-wide acceptance and adoption of cyber protection is to have transparency on the importance of centralized systems, clear communications from IT and the administration, trusting partnerships with IT and the campus end users, and a close collaboration between IT and the vendors providing strategies, tools and AI resources to protect the institution. As the World Economic Forum pointed out in 2025, “Before making any decision to deploy AI into core operations, businesses need to ensure that the benefit is commensurate with costs and risks. To be sure of this, businesses need to take the potential risks of AI system failures (either accidental or due to malicious attacks) into account.”

INTEGRATING YOUR SECURITY PLATFORM

Developing and maintaining an information security management system (ISMS) — an adaptive system with predictive analysis and proactive security — for all security areas is essential. To do this, IT leaders should consider an integrated security system (ISS) that can provide multilayered security features and intrusion detection for the network and control systems. The goal of an ISS is to migrate from old legacy systems and consolidate security tools to improve efficiency and reduce complexity. In addition, IT leaders might need an integrated total-lifetime asset management tool to accommodate a remote workforce and track an increasing number of IoT devices.

KEYS TO DEVELOPING A STRONG CYBERSECURITY ECOSYSTEM

In 2025, the atmosphere in higher education is filled with a great deal of uncertainty and funding challenges. Yet even in these uncertain times, there are effective strategies available to institutions of any size for combating cyber risks. While larger institutions may have the financial resources to weather unexpected changes, smaller colleges can improve their odds by partnering with other institutions or cybersecurity companies, creating consortiums and centralizing services. When selecting cybersecurity tools, IT leaders should choose vendors that can work closely and in tandem with IT staff and the campus community to ensure end users understand and appreciate what they're doing. No matter what tools are involved, a strong cybersecurity ecosystem starts with clear and consistent communication to faculty, staff, students and associated organizations.

Training IT staff and all end users on how the institution's ISS works can go a long way toward developing strong relationships across the campus. It is easy for a vendor to work directly with IT to select a cyber tool, but finding one that works in partnership with the CIO or chief technology officer, the university administration and the end users creates a much more secure ecosystem.