The education sector is a prime target for threat actors, who have compromised more than 32 million records in some 2,700 data breaches at educational institutions. Moreover, 83% of cyberattacks have focused on higher education systems.
Such attacks put colleges and universities at serious risk, both from disclosure of sensitive data and research and from financial impact. The 2023 IBM Cost of a Data Breach Report puts the cost of the average data breach in higher education at $3.7 million.
Despite the best efforts of IT and cybersecurity teams, the challenge to protect networks and data is growing. Not only are most colleges and universities dealing with legacy—and often outdated—technology and software, but the number of endpoints has also grown significantly.
More students and faculty are logging in remotely. The increase in distance learning has increased the number of potential endpoints. More cloud resources and the adoption of Software as a Service (SaaS) produce more potential threat vectors. IoT and mobile devices and computer hardware add to endpoint sprawl.
The average enterprise company manages 135,000 endpoint devices. Shockingly, about half of these devices are not detected or managed. Many of them do not have built-in security. Think about how many endpoints you have at your higher education institution.
It is a consistent challenge to balance effective endpoint security policies across complex networks against the accessibility and openness needed in education.
Higher education procurement in cyber security can play a significant role in mitigating risks from growing endpoint sprawl. By considering procurement as more than a financial process, colleges and universities can adopt crucial cybersecurity resources as part of technology lifecycles.
The best practice is to centralize procurement of security tools and managed services. Rather than having separate departments or units make technology acquisitions, empowering procurement teams to handle purchasing across campuses means more cost-efficient purchasing. This results in greater consistency in acquisitions that adhere to best practices and institutional standards for endpoint security.
Besides generating cost savings, cybersecurity procurement in higher education can mandate security provisions and contractual language to boost endpoint security. For example, contracts can require:
While endpoint security ultimately remains the domain of IT security teams, procurement teams should work hand-in-hand with IT personnel to develop guidelines and requirements for any cybersecurity purchase. A collaborative approach ensures solutions meet the institution’s needs and provide a framework for adoption across campuses.
A strategic approach to higher education procurement for cyber security can provide the tools and resources that allow IT teams to improve endpoint security, including:
When you know what devices exist and who uses them, identifying and patching critical vulnerabilities becomes significantly faster and more efficient. Procurement teams can work with IT staff to establish standardized patching protocols and ensure timely deployment of updates across endpoints to proactively plug potential attack vectors.
With centralized monitoring systems in place, identifying suspicious activity across all endpoints becomes easier. Procurement teams can source suppliers that offer centralized dashboards and threat detection tools for monitoring and rapid response to potential attacks before they inflict significant damage.
Consistent application of security policies is possible when all departments rely on the same centrally procured tools and configurations. This removes the risk of disparate security standards across faculty, administrative, and student networks, reducing the risk of human error slipping through the cracks.
Procurement teams can play a role in standardizing solutions across higher education institutions. By creating a consistent approach to endpoint devices, detection, and encryption tools across departments, you can significantly reduce threat exposure from gaps in incompatible or diverse solutions.
While procurement teams can make sure they negotiate fair deals, they can also ensure IT teams have the right tools, technology, and services they need to provide endpoint protection and secure resources.
E&I Cooperative Services can augment your procurement process, offering a wide range of competitively solicited cooperative contracts to streamline acquisitions.
E&I Cooperative Services is the only purchasing cooperative serving education procurement exclusively, providing greater insight into how colleges and universities operate and their unique needs. By leveraging aggregated buying power across 6,000 member institutions, E&I Cooperative Services creates significant cost savings beyond what institutions could achieve on their own.
E&I Cooperative Services is the only member-owned, nonprofit cooperative focused solely on education. Membership is free, and there is no obligation or minimum purchasing requirement.
See how E&I Cooperative Services can help streamline your higher education procurement process and save you money.