Episode 604: Evaluating Data Breach Trends & Payments Security in Higher Ed

As higher ed institutions continue to implement more digital technologies, data breach tactics have become increasingly sophisticated. Universities and colleges process and store massive amounts of sensitive personal and payments data, which are increasingly the target of cyberattacks. On this week’s episode of FOCUS, Sean Davidson, Senior Manager of Security Solutions at Verizon, shares the latest trends in payment security and data breaches. Davidson also imparts wisdom on the best practices of cybersecurity that institutions can follow to keep data safe and under payment card industry (PCI) standards.

Verizon in cybersecurity?

On the surface, the correlation between Verizon, a telecommunications company, and cybersecurity might not be easy to make. However, Verizon has maintained dedicated cybersecurity services for 23 years. They offer security management and assessment services out of nine global security operation centers. Verizon was an original contributor to the PCI compliance requirements, offering primary forensic investigation (PFI) and qualified security assessor (QSA) services to companies so they can confidently validate that their environment is secure and PCI compliant.

Data breach investigations report (DBIR)

Verizon’s most notable contribution to the cybersecurity industry is the Data Breach Investigation Report (DBIR). It’s seen as the foremost authority on data breach investigations and reporting and made up of data gathered by Verizon and 86 partners and industry experts. In 2022, the DBIR confirmed 5,212 data breaches out of the 23,896 security incidents reported under the DBIR’s framework. Davidson categorizes an incident as any time sensitive information is exposed, and breaches as anytime that information is then exfiltrated to outside environments.

“We analyze that data, and we boil it down and come up with a view of the cybersecurity threat landscape that companies can use to better understand their threats, their attackers, their motives, and the defensive areas that they should bolster to help prevent impact from these attackers,” said Davidson.

The DBIR’s findings are published annually to the public, with 2022 marking the 15th publication.

Trends

In Davidson’s observations, ransomware is five times more likely to affect education. Ransomware typically refers to sensitive information being compromised and held for a financial ransom. Even if the company pays the ransom, they might not regain access to the data or the data could still be leaked. A human element drives 82% of these breaches, mostly through phishing — which is when a scammer pretends to be a credible person within the victim organization to gain access to protected data.

System intrusions are also a rising threat to higher ed institutions. A system intrusion is an instance of hacking through physical means or modems. This type of cyberattack can also take place due to miscellaneous errors like sending valuable details to a third party, leaving ports open on web applications, and other sometimes human mistakes.

Web application attacks have decreased across the higher ed sector, possibly due to cloud service adoption.

Protecting institutions

One best practice to protect institutions is to have a solid security program with a good security posture. Cybersecurity insurance is a necessity, especially in the event of a breach. Davidson believes hiring a cybersecurity advisor is on the list of best practices to aid in cases of ransomware or phishing.

Zero-trust environments are quickly becoming a proven safeguard for cybersecurity breaches. The environments are created by sharing data on a need-to-know authorization. This eliminates the amount of access given to data sets, limiting potential leak opportunities.

Moving logins to two-factor authentication adds an extra layer of protection to accounts. This second step of identification could be as simple as a security question, or verification codes sent through text, email, or a phone call.

Although the threat of cyberattacks never goes away, putting these best practices into action and being vigilant of system weaknesses can make all the difference in security.

Resources from episode:

Data Breach Investigations Report (DBIR) is available to download for free from Verizon: https://www.verizon.com/business/resources/reports/dbir/

Payment Security Report (PSR) is available to download for free from Verizon: https://www.verizon.com/business/reports/payment-security-report/

Contact Sean Davidson at sean.davidson@verizon.com.

Special Guest: Sean Davidson.