Skip to content

It is a story that gets retold across most boardrooms nowadays: with so many cyber security threats encroaching your perimeter, how does a business control the growing risk of a breach? The challenge with cyber security may resonate with many different industries, but Higher Education practitioners must remain especially vigilant.

In early 2023, the Times Higher Education (THE) reported how universities are at the greatest risk across the education landscape. The statistics reiterate the same story again: whilst attack verticals like ransomware continue to be a disruptive force, the education sector was one of the most targeted (and victimised) industries last year.

Most analysts will observe how cyber crime is, in fact, now large enough that is has become its own ‘industry’. This has led to many nervous conversations about how the education sector can contain the risk before it significantly impacts their users, trustworthiness and profitability.

With a substantial student base and an impactful research culture, this London university approached CSI to better assess, and ultimately deliver, a cyber security capability that could both identity and remediate risks. As tightening their security posture became a high priority, CSI quickly helped this institution rediscover peace of mind. As it turns out, outsmarting cyber crime can be simplified down to right controls and expertise.

Security Pain Points

From tightening regulations to emergent or strategic risks like business continuity and everyday costly disruption, many educators share security challenges. Cyber security is at the forefront of almost every IT agenda in the UK.

Whilst cybercrime is enough of a disruptive force that business leaders are losing sleep over their security controls, the question of how to identify and remediate risks remains a challenge. Most often this is the case because educational institutions lack the right security skills and knowledge internally to outcompete everyday attacks verticals like phishing campaigns or sophisticated ransomware.

CSI has learned over time how universities uniquely require security controls to manage ‘open by design’ IT environments – and often ones that are scaled and have multiple end users. Usability, utility and everyday access to IT platforms is mission critical. A myriad of users, be it researchers or students, often located around the globe, will expect a university’s IT to enable their learning and act as a core collaboration portal for their everyday activities. But flexibility can often complicate security.

 

 

 

 

Graduates at a University.

The nature of public sector IT environments, like those found in educational settings, must often be ‘open by design’. Usability and access are critical for a myriad of end users. But this approach widens the attack surface.

Many universities have tried, in recent years, to attract, recruit and retain security talent. Market shortages in cyber security specialists have frustrated how easily the university was able to onboard and retain the staff count required to build and maintain a cyber security capability. Talent attrition is a global phenomenon as IT resources have become increasingly harder to recruit. Not only does a wide talent gap indicate a shrinking pool of expertise, but the skilled technicians that are available on the market are also retiring.

At a glance, our client was ready to invest in tighter cyber security controls, especially where threat detection and remediation were concerned. We helped them overcome major pain-points in their journey to becoming a more secure university.

They suffered from:

  • A frighteningly wide attack surface;
  • Difficulty in recruiting and retaining internal security staff.

“The most hard-fought battles occur not in boardrooms but at the perimeter of your IT environment. Once an organisation right-sizes the threatscape and understands, proportionally, how risks can infiltrate and take down their operations, they typically start to lose sleep. But rest assured that conventional wisdoms are largely helpful here. Don’t overcomplicate a cyber security strategy – start with identifying risks and then build in controls to manage and blunt them. Better yet, work toward a place where your environment is ‘secure by default”.

– Leyton Jefferies, CSI’s Head of Cyber Security.

 

 

Maturing a Security Posture

Many universities have identified MDR (Managed Detection & Response) as a cornerstone piece of their security agenda. Where universities have traditionally relied on collaborative platforms to support student life and deep research cultures, the flexible design of IT environments is too often an open window for cybercrime opportunists.

Depending on where a university is on their security journey, sometimes the best goal is less about innovating with security resources than it is to just instil best practice.

Working with our key technology partner, Fortra, CSI prioritised security insights and visibility to help underpin a truly resilient solution. Our security experts, partnering closely with Fortra’s Alert Logic specialists, delivered a new layer of insight into the threatscape via cost-effective vulnerability scanning.

Our MDR services are a far-cry from ineffective tooling that runs invisibly in the background. CSI augmented real-time threat detection with threat hunting to ensure the mitigation of malicious activity that might be capable of bypassing the client’s existing prevention capabilities. Inside our MDR service, our dedicated Security Operations Centre (SOC) specialists monitor the client’s systems 24/7/365 to ensure ongoing peace of mind – and surveillance of across a wide and collaborative IT environment. This is combined with our ability to leverage diverse data collections and analytics to understand and rapidly remediate threats.

Within a year, the client has rapidly changed its attitude to risk. Where its formerly open – flexible and collaborative – IT platform was an easy target for cybercriminals, CSI helped to transform its security posture with a threat detection and remediation capability. Both enhanced visibility into risk types, and the right controls to blunt attacks, the client’s security practice is aligned to market-leading technologies and resources that are entirely more powerful than ever before.

Security products are only as valuable as its configuration. CSI’s primary role, when working with any client, is to deploy our expertise in a way that it becomes your own. Our additional managed services ensured that the client was able to overcome staffing and resource limitations, leveraging a cutting-edge security solution. Our solution is designed to overcome common barriers in the road to adoption around security tooling. We executed against an MDR solution that was both compliant and worked to cost sensitivities.

“There’s a rumour going around that cyber security tooling is either too expensive, or that you need a warehouse full of kit to get the job done right. This simply isn’t true – and now, more than ever, the public sector has access to cutting-edge security capabilities if they just look to the market for an MSP. Of course, like any good partnership, trust and reliability is a kind of currency in itself.”

– Leyton Jefferies, CSI’s Head of Cyber Security.

Key Financial Drivers

CSI is aware of the unique pressures shaping the higher education sector. Putting a leading university’s security posture under the microscope reveals an urgency to expediate tighter controls around threat identification and remediation. But taking a step back from the security conversation, CSI is aware of how these institutions use financial yardsticks to measure growth and profit.

Many universities measure the following:

  • Student number count (especially for overseas)
  • Research grants

Not only is CSI abreast of the unique concerns facing educators, but our solution delivery went above and beyond to nurture the client throughout the procurement process. Our experts showed patience and supported the university until it was ready to fully invest in a new security solution.

This project went beyond a castle-and-moat attitude toward the threats waiting outside your business. Instead, we captured a step-change in supporting a business that needed confidence in its security posture.

Get Certified Security Support

Supporting a leading London university, CSI was approached for its firm security capability and advanced IT solutions. CSI helps the public sector secure itself against the advancing threatscape.

If your business wants to arm itself market-leading security technologies, CSI’s specialists can help. Get in touch today to find out how our experts can support your next security project.

About Our Client

A leading, highly respected London-based university, our client has been educating students of all kind for over 100 years, helping them to transition into successful careers later in life. With a mission to drive educational benefits across students with diverse backgrounds, this university hosts a thriving, rich culture of educators and learners alike with a special focus on modernising for the future ahead.

Ready to talk?

Get in touch today to discuss your IT challenges and goals. No matter what’s happening in your IT environment right now, discover how our experts can help your business discover its competitive edge.