Universities finally getting security religion

After years of under-prioritizing the threat of breaches in cybersecurity, universities are finally beginning to beef up their IT staff and recognize their security vulnerabiliites, TechNewsWorld notes. The moves come on the heels of numerous attacks on university databases that proved that unversities were particularly vulnerable to hackers.

"Universities have been a target of attackers for well over a decade, because there is a wealth of information there that is useful for exploitation. There are young students there who have credit cards, Social Security numbers, bank accounts and other types of online assets that are valuable to criminals," Ken Dunham, senior engineer at threat intelligence firm iDefense, told TechNewsWorld.

Sacred Heart in Fairfield Conn., Ohio University and Georgetown University are the most recent victims. Georgetown's servers contained data on 40,000 Washington, D.C., residents, whose names, addresses and Social Security numbers were accessible to identity thieves.

According to The Privacy Rights Clearinghouse, over 50 million people have had their personal information potentially exposed by unauthorized access to the computer systems of companies and institutions since Februsary 2005.

Universities have not put financial resources into securing data bases like corporations. IT departments tend to be understaffed and under-trained in security.

"Unlike a corporation, universities have unique challenges that are extremely difficult to manage. They often have a very large number of users and support a wide range of computers," said Dunham. "It's very different from a small business that wants to adopt a bunch of Microsoft computers and call it good. These guys might have to support Apples and PCs and have them talk to each other. It makes it increasingly complex." said Dunham.