Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:00 AM

The New Crash-Test Dummy

Instilling a new 'security culture' in the hearts and minds of college students is no sure thing

4:00 PM -- Remember that little voice inside your head back in college? No, not the one that said, "drink, #$%@!, drink!" I'm talking about the reassuring voice that said, "that won't happen to me."

That voice of bravado may be a bigger threat to universities than any outside attacker trying to break into campus from the real world. (See Back to School: Backpacks, Books & Bots.)

Just as graphic films of accident aftermaths don't completely stop college drunk driving, even the most in-your-face campus security awareness training won't stop some students from meeting up with strangers from Facebook, or cluelessly clicking on a malicious link.

But that doesn't stop the educational institutions from trying. Universities and colleges are attempting to build a culture of security-mindedness on campus these days, just as they built an awareness of physical security in the wake of tragedies like the Virginia Tech shootings. That's the good news.

The bad news is that, when it comes to security on college campuses, there is always a conflict of interest between freedom/openness and safety. You can't completely seal off a campus from a physical threat, nor can you build a completely secure perimeter in an open, academic world.

"Security and the campus culture of being open are diametrically opposed," notes Brian Kelly, director of information security for Quinnipiac University. Quinnipiac has launched an aggressive physical- and IT security awareness campaign this fall which attempts to frame security in more personal terms for its students.

"We've tried to use the analogy that what you put in your body is like [what you] download to your laptop," he says. "Spam is getting more sophisticated, but there's always something about a spam message that doesn't seem quite right and gives you pause. It's like that leftover pizza in your dorm refrigerator that's been there for a while -- something tells you shouldn't eat this. [We say to] try to use that same innate sense when you get these emails."

Kelly admits that making IT security "real" for college students isn't easy. But preaching best practices just doesn't cut it -- nor does leaving them in the dark. Quinnipiac is looking at "what can we do culturally to change students' hearts and minds" about security, he says.

Awareness won't work for all college students. If they're hungry enough, they'll eat the old pizza. And if that stranger online sounds really hot, well... But even so, security awareness is a big first step, and it'll hit home for some students, especially if their AIM account is at risk of being compromised. OMG!

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.