Turning a Core Competency into a Campus Culture of Cybersecurity: A Guide for Higher Ed
- By Kristal Kuykendall
- 06/26/23
A new guide for higher education on improving cyber defense through campus-wide training offers actionable advice for institutions’ leaders on how to translate their core competency — education — into a successful cybersecurity awareness program that reduces vulnerabilities and improves security posture.
The guide, from Ninjio Cybersecurity Awareness Training, delves into specific ways that institutions of higher education can improve their cybersecurity posture through behavior-based awareness campaigns and exercises.
It follows the recent Sophos 2023 State of Ransomware Report’s revelations that 79% of IHEs surveyed reported they were hit by ransomware in 2022, the highest among all sectors and a 23% increase year-over-year.
“There’s a common misperception that cyberattacks are too complex and advanced for people without technical backgrounds to identify and thwart. This couldn’t be further from the truth,” says the Ninjio guide. “By empowering students, faculty, and administrators with robust cybersecurity awareness, CSAT programs protect institutions from digital intrusion across the full range of attack vectors. The best way for universities to rapidly improve their cybersecurity posture is to make cybersecurity awareness a core focus at every level of the institution. Trained students, faculty, and staff will then become an integral part of the culture of cybersecurity: capable of keeping the entire university community secure.”
Ninjio CEO Shaun McAlmont, Ed.D., told Campus Technology that the goal should be to build a “culture of cybersecurity” alongside other campus culture efforts, in which students, professors, and administrators participate in consistent and engaging cybersecurity awareness training to limit the institution’s vulnerabilities across the entire network.
“Institutions of higher education, perhaps more than other organizations, put a lot of thought into their culture. Especially in the U.S., colleges and universities trade heavily on that culture for onboarding new faculty, staff, and students and for continuing engagement with alumni,” McAlmont said. “There’s already a lot of communications infrastructure to support that level of cultural engagement, but it likely isn’t run by the IT department.
“Security leaders who need to reach and engage with their campus communities on cybersecurity awareness should work to get stakeholder buy-in from those who administer those lines of communication. They should also get support for integrating cybersecurity awareness training into the faculty and staff onboarding and new student orientation processes.”
4 Key Components for Cybersecurity Awareness Training in Higher Ed
Ninjio’s guide emphasizes four foundational components of a successful cybersecurity awareness program in higher education:
1) Earn the attention of learners.
CSAT programs require “drama, engagement, and reward,” McAlmont said. “There’s no reason cybersecurity education has to fall into the familiar patterns and pitfalls of formal training programs: stale and monotonous content paired with zero interactivity. By providing high-quality, narrative-driven CSAT content, universities will help students, faculty, and administrators learn and retain critical cybersecurity concepts.”