Icon (Close Menu)

Logout

UA’s Stephen Tycer on Evolving Cybersecurity Trends & Challenges in Higher Education

2 min read

Stephen Tycer has more than two decades of experience in compliance standards, technology and network security management. He joined the University of Arkansas as chief information security officer in 2020.

Tycer has a Bachelor of Science in computer science from Texas State University.

How have you seen the cybersecurity industry evolve over the years and what does the landscape look like now?

The cybersecurity industry initially focused on strong firewalls, antivirus scanners and intrusion detection systems. As these technologies matured and became less appealing targets for cybercriminals, attackers shifted their focus to more advanced tactics. This evolution led to the rise of enterprise detection and response, security information and event management, multifactor authentication (MFA) and artificial intelligence tools. In response, bad actors moved away from straightforward attacks on firewalls and systems, adopting more asymmetric strategies. These include phishing, identity theft and exploiting third-party access to bypass security measures. Currently, the industry is placing significant emphasis on improving identity and authentication technologies, particularly MFA. The transition is underway from traditional methods like SMS and phone-based authentication to more advanced, phishing-resistant MFA solutions.

What unique cybersecurity challenges do higher education institutions like the UA face?

Universities face several unique challenges, chief among them their core mission of disseminating knowledge and driving positive societal impact. They grapple with balancing the seemingly contradictory goals of fostering open collaboration while safeguarding sensitive student, financial and research data. Another significant challenge is securely delivering distributed services to unmanaged and mobile devices. This raises the question: How can services be provided securely, anywhere, anytime and on any device? While this is a common challenge across organizations, it is particularly pronounced in the budget-constrained environment of higher education.

How do you balance security needs with the accessibility requirements of a large university?

By identifying and categorizing its diverse assets, from student data to research information. A thorough risk assessment is conducted on sensitive assets to determine vulnerabilities and potential threats. Based on these findings, we implement security controls that align the university’s overall security posture with its access requirements and risk tolerance. This approach ensures a robust defense framework while maintaining the open, collaborative environment essential to academic excellence.

Send this to a friend