tl;dr: Institutions of higher education are navigating a changing cybersecurity landscape by investing in innovative strategies, seeking outside expertise, building interactive security solutions and partnering with cybersecurity technology providers.
Higher education institutions face cybersecurity challenges unlike those faced by many other sectors.
Open networks designed to facilitate collaboration, student populations that come and go and budget constraints can all broaden the opportunity for cyberattacks. What’s more, institutions are home to research data, personally identifiable information, financial information and intellectual property that make them attractive targets.
In some ways, the problem is cultural. Academic institutions are built on openness, shared governance and intellectual freedom. The strict security access control, monitoring and response protocols that work in the corporate world may not be appropriate for colleges and universities so what can they do to stay secure?
Approaches that work
To counter these challenges, leaders in higher education are adopting strategies that move beyond simple prevention to build comprehensive resilience to withstand and quickly recover from an incident.
Many institutions lack the in-house resources for 24/7 threat monitoring and choose to outsource portions of their security operations to external partners that can provide expertise and 24/7 coverage. This is a practical and efficient way for colleges and universities to approach security, and it gives institutions the opportunity to build relationships with technology partners that understand their environments and constraints.
Another effective strategy involves creating a layered defense of interlocking security tools that protect different parts of the network. This approach requires more internal capability but gives institutions greater control. The University of Miami Health System, for example, manages a complex blend of patient data, research, and student information. They implemented a zero trust architecture and deployed multiple firewalls with support from Dell Technologies to protect different parts of its network. This multi-layered strategy helps ensure that even if one layer is breached, others stand ready to protect critical assets.
The power of partnership and preparation
When the Universidad Autonoma de Barcelona (UAB) was hit with a ransomware attack over a long holiday weekend in 2021, it was able to ignore the ransom demand and recover quickly.
The university’s success came from preparation. It had a response plan in line with Spain’s National Security Framework, and a team of specialists trained to execute that plan. Its relationships with government security agencies, law enforcement and technology partners like Dell Technologies meant it could restore operations without paying attackers.
That preparedness didn’t come overnight. It was the result of leadership, investment and the discipline to run regular exercises and test assumptions before an attack occurred.
Government guidance, too, like the updated framework from the National Institute of Standards in Technology (NIST), and stricter requirements from cyber-insurers are also driving positive change. These standards encourage institutions to adopt best practices and improve their overall security posture.
Cultivating the next generation of defenders
Technology, preparedness and partnerships are important, but colleges and universities also need people who understand their environments and know what steps to take when things go wrong.
Mercyhurst University is tackling this head-on with a dedicated cybersecurity major that blends academic knowledge with hands-on experience.
Through internships and active projects, students work on hands-on challenges that help prepare them for real-world projects. This initiative fills a critical talent gap and gives students practical skills to understand and work in higher education’s unique environment.
Moving forward, together
For higher education technology leaders trying to figure out where to focus, here’s what matters most:
- Get clear on what needs protecting and why. Not everything is equally critical. Identify the most valuable assets, whether that’s research data, student records or financial systems, and prioritize protecting them.
- Build relationships early on. Whether it’s with trusted technology partners, law enforcement or peer institutions, the time to establish those connections is before a crisis, not during one.
- Test assumptions. Run tabletop exercises. Simulate an attack. Find out where plans break down before an incident occurs.
- Have a cultural conversation. Security isn’t just an IT problem. It requires buy-in from academic leadership, faculty and students. Make the case for why it matters and involve people in the solution.
Building resilience together
Cybersecurity in higher education will always be challenging. But institutions that are willing to think differently about the problem, and to invest in technology and people, are building resilience.
At Dell, we work with colleges and universities to provide the tools and expertise that support this work, from secure data recovery solutions to layered defense architectures. Our goal is to be a partner that understands your environment and helps institutions navigate these challenges with confidence. Those that are succeeding aren’t doing it alone—they’re building relationships with partners who can help them prepare, respond and recover.
Learn more about Dell Technologies Solutions for Higher Education.
