Results for October HEISC Survey on Current Risks & Top Issues

[Valerie Vogel <vvogel () EDUCAUSE EDU>]

Good afternoon,

Thank you for responding to our latest quarterly HEISC survey on current risks and top issues in the higher ed 
community.

The top 5 issues for Q4 (with 111 respondents):

·         Phishing and social engineering, 47.75%

·         Limited resources for the security program (too much work, not enough time or people), 32.43%

·         End user awareness, training, and education, 25.23%

·         Addressing regulatory requirements (PCI, NIST 800-171, etc.), 21.62%

·         Protecting Personally Identifiable Information (reducing end-user storage and access to PII), 20.72%

Note that Data Security (including encryption initiatives) and Limited funding for the security program tied for #6 
(16.22%). Each participant could select up to 3 responses from the list provided in the survey.

___________________

And as a reminder, here are the top 5 issues for the first two quarters in 2017.

Q3 Top 5 issues (with 57 respondents):

·         Phishing and social engineering

·         Limited resources for the security program (too much work, not enough time or people)

·         Addressing regulatory requirements (PCI, NIST 800-171, etc.)

·         Malware, ransomware, APTs, and zero day vulnerabilities

·         End user awareness, training, and education

Q2 Top 5 issues (with 101 respondents):

·         Phishing and social engineering

·         Limited resources for the security program (too much work, not enough time or people)

·         End user awareness, training, and education

·         Limited funding for the security program

·         Protecting Personally Identifiable Information (reducing end-user storage and access to PII)

Q1 Top 5 issues (with 114 respondents)

·         Phishing and social engineering

·         Limited resources for the security program (too much work, not enough time or people)

·         End user awareness, training, and education

·         Limited funding for the security program

·         Malware, ransomware, APTs, and zero day vulnerabilities


Thank you,
Valerie

Valerie Vogel
Senior Manager, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | twitter: @HEISCouncil | vvogel () educause edu<mailto:vvogel () educause edu>

_________________

October is National Cyber Security Awareness Month! Visit our Awareness Campaigns 
page<http://www.educause.edu/securityawareness> for free resources.