Some of the most common cybersecurity threats are malware, ransomware, phishing and spam. For their victims, including higher education institutions (HEIs), cybercrimes range from inconveniences to data breaches to grand heists like the one that struck Cape Cod Community College (CCCC) four years ago.
In 2018, CCCC experienced a cybersecurity attack resulting in $800,000 stolen from school bank accounts. CCCC was ultimately able to recover more than 80% of the money stolen by the hackers, but impacts of the attack still affect the college.
The cyberattack prompted CCCC, known as the 4Cs, to work with an independent consulting firm to learn best practices related to the institution’s cybersafety. These included, for example, installing endpoint protection software applications that protect servers and PCs from malware campuswide.
President John Cox of Cape Cod Community College spoke about the school’s cyberattack and what he has learned from the situation.
“One of the major takeaways from that is when you are looking at a website or anything electronic and you are being asked to open something up or go to a certain website or scan a QR code, unless you are 99% sure that it’s the real deal, then you shouldn’t hesitate to call the people who sent it to verify it.”
The CCCC attack also prompted the community college to reevaluate its degree programs. In the 2020-21 academic year, CCCC began offering a degree and certification in Information Technology: Cybersecurity. Previously, this pathway had been Information Technology: Security Penetration Testing and though the course requirements haven’t changed much, the new name and reframing of the program is a sign that the 4Cs and other HEIs are realizing the importance of offering cybersecurity programs, and prospective students are taking notice.
Will Markow, the vice president of applied research at LightCast, estimated that his labor market analytics company has seen at least a 40% increase in cybersecurity graduates in the last few years. Despite the rise in people completing cybersecurity degrees, the growth rate of cybersecurity job positions is still double the graduation rate, meaning a cybersecurity skills gap continues to persist.
NEBHE and cybersecurity
NEBHE, with its longtime interest in changing skilled labor demands, has been covering the need for cybersecurity talent for several years. In a 2014 NEJHE piece, Yves Salomon-Fernandez, then a vice president at MassBay Community College, wrote about the cybergap and the demand for cybersecurity talent along with New England’s response to the need. Salomon-Fernandez discussed the creation of the New England Cyber Security research consortium, a collaboration between Mass Insight and the Advanced Cyber Security Center. The consortium has evolved into the Cybersecurity Education and Training Consortium, which aims to improve the cybersecurity talent pool. The consortium holds an annual conference where new research is shared and cybersecurity experts lead various workshops.
In 2015, NEBHE announced that cybersecurity was among new academic subject areas to be offered under Tuition Break, NEBHE’s initiative to help students and institutions share high-demand programs. These offerings included associate degree programs in specialized fields such as cybersecurity infrastructure, cybersecurity and healthcare IT, and cybersecurity-digital forensics.
In July 2022, NEBHE, in collaboration with the Business-Higher Education Forum (BHEF), awarded tech talent grants to seven business-higher education partnerships in Connecticut. The grants are a part of an initiative to target growth in tech skills like cybersecurity. Quinnipiac University, the University of Bridgeport and Mitchell college were awarded tech talent grants focused on cybersecurity.
The skills gap
The cybersecurity skills shortage continues to persist and organizations of all types face cybersecurity challenges.
In its 2022 Cybersecurity Skills Gap Global Research Report, Fortinet found that “worldwide, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness.”
The Fortinet report also found that recruiting and retaining cybersecurity talent was a key issue. 60% of organizations have difficulty recruiting cybersecurity professionals and 52% have a difficult time retaining those professionals.
In 2018, The New York Times reported on a prediction from CyberSecurity Ventures that estimated 3.5 million cybersecurity positions will be available but unfulfilled by 2021. CyberSecurity Ventures has since updated its prediction for 2025, but continues to project vacancies at 3.5 million. “Despite industry-wide efforts to reduce the skills gap, the world’s open cybersecurity position in 2021 is enough to fill 50 NFL stadiums,” according to CyberSecurity Ventures.
Clearly, there is a need for more cybersecurity professionals, but why have efforts to reduce the skills gap not worked?
One reason is that people simply aren’t getting the right credentials to secure a cybersecurity position. Many top cybersecurity jobs require not just a bachelor’s degree, but also a master’s and may also require credentials such as a CISSP certification. CISSP stands for Certified Information Systems Security Professional and is independently granted by the International Information System Security Certification Consortium.
Despite the demand for cybersecurity positions to be filled, the industry is slow to soften the credentials or education requirements. But some companies, such as Deloitte, have begun creating a talent pipeline where they train candidates in skills they would not have previously been qualified for.
Cybersecurity and higher education
Cape Cod Community College is far from alone in facing cybersecurity threats.
The threat that cyberattacks pose for HEIs is extremely costly and increasingly frequent, according to April 2022 coverage in Forbes. Ransomware attacks are the most frequent problem for HEIs, with each attack costing on average $112,000 in ransom payments. Forbes writes that HEIs are prime targets for cyberattacks because of their historically underfunded cybersecurity efforts and the way that information sharing and computer systems work in the institutions.
Austin Berglas, global head of professional services and founding member of the cybersecurity firm BlueVoyant, told Forbes that his company had seen a large increase in ransomware attacks in 2020 and 2021 since everyone went remote.
In 2022, a handful of U.S. HEIs have publicly disclosed cyberattacks, according to Hackmageddon, a security breach tracker. Still, most cyberattacks on institutions go unreported unless forced to by law.
Universities have begun upgrading their cyberdefense systems, partially as a result of nudging from the insurance industry.
With the understanding of the threat of cyberattacks, HEIs are working on pumping out cybersecurity professionals.
Consider the University of Bridgeport, one of the universities that received a tech talent grant from NEBHE and BHEF. The university announced that it will use the grant money to launch a 12-week course in cybersecurity and information security geared toward the finance and tech sectors. The university plans to offer a certificate to course participants that will allow students to be workforce ready in the cybersecurity field.
Other New England HEIs are also looking to impact the cybersecurity world. Yale University is partnering with other institutions to support the Secure and Trustworthy Cyberspace Program, a research program supported by the National Science Foundation. That program is working on initiatives like the creation of a confidential computing center, making a secure software supply chain and working to improve computing in marginalized communities.
In addition to the programs offered through NEBHE’s Tuition Break, five Massachusetts universities offer bachelor’s degrees in a cybersecurity-related field as well as two in Connecticut, two in Vermont, three in Maine, three in Rhode Island and one in New Hampshire, according to Cybersecurity Guide. Various other associate, master’s and doctoral degrees in cybersecurity fields are also available at New England HEIs.
Cox of CCCC also spoke about the school’s partnership with Bridgewater State University, which is developing a cyber range to simulate and test cybersecurity networks. This cyber range will allow students and professionals to perform mock cybercrime investigations to better prepare for any situation.
This is unlikely the last you’ll read on the complex challenges of cybersecurity in NEJHE.
Viktoria Popovska is a NEBHE journalism intern and a junior at Boston University.
[ssba]