{"id":181328,"date":"2026-01-21T17:04:00","date_gmt":"2026-01-21T22:04:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/21\/why-higher-ed-cios-must-rethink-cybersecurity\/"},"modified":"2026-01-24T15:55:24","modified_gmt":"2026-01-24T20:55:24","slug":"why-higher-ed-cios-must-rethink-cybersecurity","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/21\/why-higher-ed-cios-must-rethink-cybersecurity\/","title":{"rendered":"Why Higher Ed CIOs Must Rethink Cybersecurity"},"content":{"rendered":"

Why Higher Ed CIOs Must Rethink Cybersecurity<\/a><\/p>\n

https:\/\/www.bankinfosecurity.com\/higher-ed-cios-must-rethink-cybersecurity-a-30579<\/a><\/p>\n

Publish Date: 2026-01-21 17:04:00<\/a><\/p>\n

Source Domain: www.bankinfosecurity.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Governance & Risk Management
\n ,
\n Identity & Access Management
\n ,
\n Patch Management<\/p>\n

Decentralization and Sprawl Complicate University IT Programs<\/p>\n

Jennifer Lawinski \u2022
\n January 21, 2026 \u00a0 \u00a0 <\/p>\n

Several Ivy League universities including Harvard and Princeton experienced hacks in 2025, showing that even the nation’s wealthiest universities are vulnerable. (Image: Shutterstock) <\/p>\n

Higher education CIOs are working in unique environments where openness and innovation thrive, but recent high-profile breaches at elite institutions show the challenges they face in keeping systems secure.See Also: Zero Trust Under Strain as Organizations Favor Just-in-Time Access
\nSeveral Ivy League universities – including Harvard and Princeton – experienced hacks in 2025 through unpatched enterprise software and sophisticated social engineering campaigns, showing that even the nation’s wealthiest universities are vulnerable.
\nTo combat these rising threats, university CIOs need to rethink their operating models, governance and IT ownership structures, said Rob Belk, a cybersecurity consultant with EY.
\n“This is probably the most interesting cyber topic that doesn’t include the word AI,” Belk said. “And it’s dramatically underreported.”
\nThis shift is being propelled by the changing higher education landscape itself. Traditional funding sources are in flux, creating uncertainty in already highly decentralized ecosystems. University infrastructure is more like a city than a traditional enterprise ecosystems. Each university can include various schools and departments, research institutes, hospitals, athletic facilities, housing, bookstores and even hotels. The population is constantly shifting, with students, faculty, staff, researchers and guests coming and going each year.
\nThe challenge is compounded by the fact that many of these groups may control their own IT environments.
\n“In many ways, the CIO doesn’t control – sometimes not even most of – the IT that’s out there,” Belk said.
\nFor university CIOs, cyberattacks across these vast and disparate networks are moving faster. Belk noted that attackers’ “speed to compromise” has decreased, shortening the windows to mitigate harm. In 2019, organizations had roughly nine hours to detect and contain an intrusion. Today, that window has compressed to about 48 minutes.
\n “That’s shockingly fast,” Belk says.
\nAnother risk area for the university is research computing. Historically, research systems have been purchased, operated and maintained by individual schools or principal investigators using grant funding, and many researchers view these systems as personal assets.
\nCIOs often face opposition to change: “That’s my system. You shouldn\u2019t be having anything to do with it because it’s my research,” Belk said.
\nBut as universities view research as a more explicit revenue stream, CIOs are increasingly responsible for research infrastructure that must be secured like an enterprise system, Belk said.
\n“The business of research will change,” he said. “And when it does, it will operate more like an enterprise. The security and IT supporting it will have to match that reality.”
\nFocusing on the Building Blocks of Security
\nTo navigate the complex higher education environment, Belk said CIOs need to focus on the fundamentals.
\n“Be really great at the basics,” he said. “We see a lot of organizations that still struggle with some of the fundamentals of monitoring their environments, controlling access. And that is something that needs to be addressed. Because if you’re struggling with the basics, you’re leaving yourself open in the first place.”
\nThe cyber basics includes having visibility into your environment, consistent monitoring and patching, and rigorous access control, he said.
\nAccording to research from Mandiant, 33% of breaches come from exploits of software flaws, and university internet-facing systems are especially vulnerable, Belk said. Ensuring that all systems are patched “would go a long, long way” in protecting systems and data, he said.
\nBut many recent higher-education hackers didn’t gain access through unpatched systems. They made phone calls and used social engineering to access critical systems, which underscores the importance of identity and access management – and of moving to passwordless systems, Belk said. This challenge is compounded as many university systems manage multiple Active Directories and fragmented IAM systems.
\nIdentity Management Challenges
\nTo simplify and modernize environments, he recommends taking a phased approach, beginning with administrative staff and creating passwordless policies at the enterprise level. The next step is changing the student experience, beginning with the new incoming class, so new identity models become the default over time. Faculty and research staff working with legacy systems would be the last to migrate to passwordless systems.
\n “I know, by the way, for both of those,” Belk said, “In higher ed that’s easier said than done.”
\nBelk sees artificial intelligence as an area of opportunity for university CIOs, especially when it comes to addressing staffing shortages and cybersecurity.
\nGenerative and agentic AI technologies can help CIOs address staffing shortages caused by funding constraints in areas like contracting, sourcing, compliance and legal review. “With fewer people, the work doesn’t go away,” he says. “AI becomes a way to close that gap.”
\nHe also advises CIOs to consider partnering with researchers and faculty doing cybersecurity work at their own institutions.
\n“They’re usually more than willing to want to be able to demonstrate what their research can do, and it gives them and their students the opportunity to try what they’re doing in the real world,” Belk said. <\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Why Higher Ed CIOs Must Rethink Cybersecurity https:\/\/www.bankinfosecurity.com\/higher-ed-cios-must-rethink-cybersecurity-a-30579 Publish Date: 2026-01-21 17:04:00 Source Domain: www.bankinfosecurity.com…<\/p>\n","protected":false},"author":1,"featured_media":181329,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/ismg-cdn.nyc3.cdn.digitaloceanspaces.com\/articles\/higher-ed-cios-must-rethink-cybersecurity-image_large-6-a-30579.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24],"class_list":["post-181328","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181328"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=181328"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181328\/revisions"}],"predecessor-version":[{"id":181330,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181328\/revisions\/181330"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/181329"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=181328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=181328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=181328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}