Results for the October 2018 HEISC Survey on Current Risks & Top Issues

[Valerie Vogel <vvogel () EDUCAUSE EDU>]

Good afternoon,

Thank you for responding to our latest HEISC survey on current risks and top issues in the higher ed community. A 
summary is provided below.

Thank you,
Valerie

2018 Q4 Top Issues (with 110 respondents):

  *   Phishing & social engineering, 35%
  *   End user awareness, training, and education, 28%
  *   Limited resources for the security program (too much work, not enough time or people), 28%
  *   Cloud services & third-party security (including click-through terms of service), 19%
  *   Campus policies & procedures, 15%
  *   Data security (including encryption initiatives, 15%
  *   Limited funding for the security program, 14%
  *   Risk management, including risk assessments 14%

_________________________________________


2018 Q2 Top 5 issues (with 119 respondents):

  *   Limited resources for the security program (too much work, not enough time or people), 32%
  *   Phishing & social engineering, 29%
  *   GDPR compliance, 28%
  *   Risk management, including risk assessments, 21%
  *   Protecting Personally Identifiable Information (reducing end-user storage and access to PII), 19%

2017 Q4 Top 5 issues (with 111 respondents):

  *   Phishing and social engineering, 47.75%
  *   Limited resources for the security program (too much work, not enough time or people), 32.43%
  *   End user awareness, training, and education, 25.23%
  *   Addressing regulatory requirements (PCI, NIST 800-171, etc.), 21.62%
  *   Protecting Personally Identifiable Information (reducing end-user storage and access to PII), 20.72%

2017 Q3 Top 5 issues (with 57 respondents):

  *   Phishing and social engineering
  *   Limited resources for the security program (too much work, not enough time or people)
  *   Addressing regulatory requirements (PCI, NIST 800-171, etc.)
  *   Malware, ransomware, APTs, and zero day vulnerabilities
  *   End user awareness, training, and education

2017 Q2 Top 5 issues (with 101 respondents):

  *   Phishing and social engineering
  *   Limited resources for the security program (too much work, not enough time or people)
  *   End user awareness, training, and education
  *   Limited funding for the security program
  *   Protecting Personally Identifiable Information (reducing end-user storage and access to PII)

2017 Q1 Top 5 issues (with 114 respondents)

  *   Phishing and social engineering
  *   Limited resources for the security program (too much work, not enough time or people)
  *   End user awareness, training, and education
  *   Limited funding for the security program
  *   Malware, ransomware, APTs, and zero day vulnerabilities


Valerie Vogel
Interim Director, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | Follow HEISC on 
LinkedIn<https://www.linkedin.com/showcase/higher-education-information-security-council-heisc-/> | twitter: 
@HEISCouncil | vvogel () educause edu<mailto:vvogel () educause edu>

_________________

October is National Cybersecurity Awareness Month!
Join EDUCAUSE and the higher ed community as a NCSAM Champion. Follow #CyberAware for tips & resources.