The importance of cybersecurity in higher education
Amid the backdrop of COVID-19, cybersecurity has become more important now than ever. Researchers across Ontario and Canada are on the front lines of innovative testing, working on therapies and vaccine development while remote work and learning has become the new normal. A large portion of these researchers are taking advantage of the resources provided by higher education institutions. The move to online and cloud-based services, accelerated by the pandemic, places institutions at an even higher level of risk.
Even outside of global pandemics, colleges and universities hold a lot of valuable data, making them an appealing target for cybercrime. Some of this valuable data includes the personal, financial and health information of students and faculty, research data, and commercial and intellectual property that is often in collaboration with government and private sector.
According to Accenture’s annual The Cost of Cybercrime survey, investigating and remediating cybercrime attacks cost Canadian institutions an average of $9.25 million in 2019.
46% of Canada’s universities and colleges had reported a cybersecurity incident – the second highest rate of any sector in the country – Stats Canada, 2017
And a 2017 analysis by Statistics Canada’s Canadian Centre for Justice Statistics found that 46% of Canada’s universities and colleges had reported a cybersecurity incident – the second highest rate of any sector in the country, only narrowly trailing the banking sector (47%). With the cost and frequency of cybercrime faced by higher-education, it is critical that Canadian colleges and universities are fully equipped to protect themselves.
The state of cybersecurity in higher education
Universities and colleges already have a strong cybersecurity foundation to build on. Ontario higher-education institutions have tasked cybersecurity professionals and/or IT professionals with providing a safe and secure online ecosystem for students, faculty and staff. Many institutions have prioritized cybersecurity and have made significant progress in protecting their networks and online community members but are limited by available funding and resources at the institutional level.
Together, the sector has already taken important first steps. The Ontario Cybersecurity Higher Education Consortium is a consortium of 29 Ontario colleges and universities who, with the support of ORION, have joined together to lead the way for cost-effective cybersecurity guidance, advisory programs and services for Ontario’s higher education cybersecurity needs.
Data is always the key
Preparedness is impossible without accurate, objective and current-state evaluation information. In 2019, ON-CHEC developed a cybersecurity self-assessment questionnaire for each of its 29 college and university members to complete, creating the largest benchmarking dataset of its kind. This standards-based assessment based on leading cybersecurity frameworks was developed specifically for higher education.
The data highlights where the gaps are largest, and thus the areas that are in most immediate need of attention. Our goal is to achieve equity in the cybersecurity capabilities for all institutions. Due to the collaborative nature of cybersecurity across institutions, the vulnerability of one institution affects the whole sector.
These findings are summarized in our report “Cybersecurity and Higher Education in Ontario: Protecting the Public, Economic, Provincial and National Security Interests” and is the basis of our recommendations to government. This report represents input from many of our research, education and innovation community partners as well as our constituents.
Trends in Ontario’s post-secondary education cybersecurity:
- Canadian academic institutions are facing massive risk – As on-site and cloud-based IT infrastructure and services grow and become more complex, it becomes more difficult to build secure and resilient methods of security management.
- Size affects preparedness – Larger institutions on average have more resources to draw from for cybersecurity preparedness.
- Geography is an indicator of readiness – As with other issues of equity, Ontario’s North is disproportionately affected by a lack of resources.
- Urgent trumps important – Universities and colleges have many competing technology priorities and the demands of a fulsome cybersecurity program may be less urgent than a teacher who can’t access their curriculum.
- Security roadmaps are incomplete – A comprehensive cybersecurity approach requires united priorities, sufficient funding and resources with aligned constituencies, which may be luxuries some higher education environments can’t afford.
Recommendations to improve cybersecurity for Ontario’s higher education sector:
- Establish a common cybersecurity strategy and framework for all of Ontario’s universities, colleges and other higher education institutions.
- Create a targeted investment fund based on this sector-wide strategy to assist colleges and universities in upgrading their cybersecurity capabilities.
- Align to and support a national cybersecurity approach by enabling continued participation in and contribution to national collaborative cybersecurity initiatives. This will draw upon best practices, leverage the strengths of each province and maximize funding opportunities while addressing the unique needs of Ontario institutions.
We at ORION recognize there are many provincial and national cybersecurity initiatives underway and we’re working together collaboratively. This report represents input from many of our research, education and innovation community partners as well as our constituents and we thank them for their contributions.
Reach out to firstname.lastname@example.org to learn more and read our full report, “Cybersecurity and Higher Education in Ontario: Protecting the Public, Economic, Provincial and National Security Interests”.