It’s fairly easy for higher ed IT and security staff to speculate about their — and their institution’s — cyberattack preparedness, but to actually be prepared? That’s another matter, and it’s difficult to gauge.
The software company Symantec wants to put that cyber-readiness in context for colleges and universities by hosting its first Higher Ed Cybersecurity Competition this fall, in which university IT staffs around the country will form teams and participate in advanced cyberattack simulations based on real-life scenarios.
“It’s not just about the competition,” Aaron Cohen, a director in Symantec’s cybersecurity services division, told EdScoop. “It’s about the content, the skills development, and frankly, all the learning that goes into it.”
The no-cost, two-day higher ed challenge was inspired by a similar competition Symantec has held among its employees for years. Cohen expects participating university IT teams to leave with many of the same takeaways his colleagues at Symantec have: the ability to identify hidden talent within IT departments, real-world experience through advanced simulations, teamwork and camaraderie.
Each institution is allowed up to three teams of four participants — all from within the IT and security divisions on campus.
Through the competition — which will be held online Oct. 19-20, as part of National Cybersecurity Awareness Month — information technology specialists in higher ed will have the opportunity to take advantage of “state-of-the-art simulations, platform and content technology that, quite frankly, they don’t have access to otherwise,” Cohen said, because, for the most part, college and university IT departments “just don’t have the budgets.”
Symantec, meanwhile, is hoping to use this event to showcase the company’s strengths in areas that people don’t typically associate with the brand, Cohen said. “We’re innovating and doing really neat things here. By giving back to the community and giving [colleges] means they wouldn’t otherwise have, it allows them to see what we do at Symantec. .. It shows our innovative side.”
This competition will serve two primary purposes. First, it will allow the IT specialists to see first-hand if they are as adept at identifying and responding to cyberattacks as they may think. And second, it will allow each college to see how it performs relative to its peer institutions. “They’ll find out — are they ahead of the game? Are they behind the game?” Cohen said.
“They can expect tons of different areas of security to be covered. [It will be] very interactive with live systems and realistic skills development,” he added.
During the competition, participants will assume the role of a cyber attacker to understand their motivations, then they will switch to the other side and practice offensive and defensive skills needed during a cyberattack. They’ll also work through the five stages of an attack: reconnaissance, incursion, discovery, capture and infiltration.
Symantec’s platform can simulate fake financial institutions, governments and nation states, Cohen said. It can also replicate and incorporate into the game the latest threats, vulnerabilities and attacks. For examples, a couple of years ago, they imitated the ShellShock security bug and added it into the game about a month after the vulnerability had become public.
The types of threats depicted in the challenge will be ones that afflict universities across the globe — and with increasing frequency. “These [attacks] are obviously extremely important and prevalent and relevant,” Cohen said, adding that it makes this real-world cyber experience also important and relevant.
Initially, Cohen and his colleagues were hoping to get 30 or 40 universities to create teams, he said. Since this is the first year doing it, they aren’t sure what to expect, but he said the level of interest so far indicates they will easily exceed his original expectations.
The winning teams will be recognized at an event during EDUCAUSE’s annual conference in Philadelphia, which is scheduled to run from Oct. 31 to Nov. 3.