Page 27 - The EDGE Spring 2024 WEB

CYBERSECURITY

Cybersecurity Is a Classic Moving Target
BY WES GATES




Thinking about the evolving landscape of cybersecurity, it’s important that educational institutions prepare not just for today’s threats, but tomorrow’s as well. This article will discuss emerging cybersecurity trends and some measures schools can take to help mitigate the inherent risks involved.

Third-Party Cyber Risk Management
As schools increasingly rely on third-party vendors, they need to pay close attention to the associated risks. Sharing sensitive data or granting network access to a third party can expose an organization to various security concerns, including data breaches, supply chain attacks, and compromise of critical systems.

Third-party cyber risk management (TPCRM) is the practice of identifying and mitigating these and other potential security threats. To establish effective TPCRM, organizations should create a comprehensive vendor vetting process, including thorough risk assessment to understand potential cyber risks associated with each vendor. At a minimum, buyers should evaluate:

  • Documentation showing vendor compliance with industry standards.
  • Vendor establishment of an access management process, a data backup and recovery strategy, and an incident response plan.
  • Information regarding any past cybersecurity incidents.
  • Service-level agreements.

Information gleaned from this analysis can be converted into a scorecard and security rating for each vendor based on its threat or risk level. Vendors exhibiting an unacceptable level of risk should be bypassed or asked to make specific, verifiable, contractually stipulated changes.

Transitioning from Voice and SMS for Multi-Factor Authentication (MFA)
In response to growing concerns over the vulnerability of some forms of MFA — voice and SMS in particular — MFA is witnessing a shift toward more secure alternatives. Specifically, leading vendors are encouraging the use of authenticator apps — an application on the user’s mobile device that generates a one-time pass code or otherwise requires the user to approve the requested access — rather than SMS text or voice verification. Google suggests the use of hardware-based security keys (a registered USB stick, for example, inserted into a device when prompted) as the safest alternative, and the Google Authenticator app as a secondary option. Microsoft also recommends push notifications with its authenticator app.

Monitoring and Security Operations Centers (SOCs)
In recent years, cybersecurity threats have become more advanced and complex, making it challenging for organizations to protect their digital assets. Under these circumstances, Security Operations Centers (SOCs) have become increasingly important. SOCs are equipped with advanced technologies and skilled personnel who work together to monitor, detect, and respond to security incidents in real time.

SOCs have particular relevance to the education sector, which is increasingly reliant on digital platforms for teaching, learning, and administrative processes, creating a large attack surface for cyber threats.

                                                                                            CONTINUED ON PAGE 28


