Are Cyber Criminals Looking After Your Systems Better Than You?

Universities are increasingly dependent on mission-critical software systems to facilitate every aspect of their operations, from administrative functions to academic delivery. Despite the clear benefits of these technologies, many institutions are finding it more challenging than ever to allocate the necessary resources for their maintenance and improvement. Software users across campuses are craving enhanced support and should not have to choose between delivering world class student experiences and maintaining software. This challenge not only exposes them to cybersecurity threats but also prevents them from leveraging new features and efficiencies, leading to an accumulation of technical debt that becomes progressively more challenging to resolve. Insights from software providers highlight a more effective approach to managing these essential systems, emphasising the importance of proactive maintenance and the strategic allocation of responsibilities.

The Power of Ownership and Proactive Maintenance

Software providers consistently report that customers who assign a dedicated owner to major systems (fractional ownership is often just fine!) experience significantly better outcomes. This owner, empowered with the authority and resources to maintain the system proactively, ensures that the software is not only current with the latest updates and security patches but also optimised for maximum efficiency and effectiveness. This level of attention and care prevents the common pitfalls of reactive maintenance, where issues are only addressed after they have already caused significant disruption. It often takes just a few hours per month per system which should be achievable for any institution and for this matter, any business of similar size.

The Advantages of Hosted and Managed Services

Universities that opt for hosted and managed services for their mission-critical software witness increased success. These arrangements relieve the institution of the day-to-day burdens of software maintenance, as the service provider assumes responsibility for ensuring the system is up-to-date, secure, and running optimally. This model not only enhances security and operational efficiency but also allows already stretched university IT staff to focus on strategic initiatives rather than routine maintenance tasks.

Learning from Reactive Responses to Cyber Attacks

A concerning trend observed by software providers is the reactive approach many universities adopt following a cyber attack. Institutions often make sweeping changes to their IT maintenance and management practices only after being a victim. This includes adopting all the measures previously mentioned—assigning system owners, investing in proactive maintenance, and transitioning to hosted and managed services. While these actions significantly improve the institution's resilience and operational efficiency, it's unfortunate that a disruptive event is frequently the catalyst for such improvements. Universities are finding £millions to rescue and repair during and after instances of cyber crime, which could often be prevented, by using much smaller sums more proactively.

Finding a Proactive Path Forward

To avoid the pitfalls of reactive management and safeguard their digital ecosystems, universities must adopt a proactive stance towards software maintenance:

1. Assign System Owners: Ensure every major system has a designated owner with the authority and resources to maintain it proactively. One system owner might be able to manage and maintain from a handful to over a dozen systems dependant on scale and reach.

2. Opt for Hosted and Managed Services: Consider shifting to hosted and managed service models to alleviate the maintenance burden and enhance system security and performance. IT teams are stretched and under an incredible amount of pressure, one CIO mentioned that after a 2023 cyber incident, his team worked for 80 days straight to return to an operational state.

3. Learn from Others: Recognise the pattern of reactive changes following cyber incidents and choose to implement strategic improvements proactively, before disaster strikes. If you require further evidence, just Google "University Cyber Attack".

4. Integrate Maintenance into Strategic Planning: Elevate software maintenance as a priority within the institution's strategic planning processes. This has to come from the top, users on the ground are working often day and night to deliver world class student experiences and need enhanced resource and support. Whilst this is easier to say than to do right now across the Higher Education landscape, the sad truth is that without this investment, it's likely still to cost but via a challenging cyber attack. It's not uncommon to hear a university use language like "it's not if, but when" nowadays.

5. Foster a Culture of Cybersecurity Awareness: Engage the entire university community in understanding the importance of proactive software maintenance and cybersecurity measures. Good system hygiene should be habitual and not just a one off.

By taking these steps, universities can not only mitigate risks but also unlock the full potential of their mission-critical software systems, ensuring they are robust, secure, and capable of supporting the institution's evolving needs. The transition from a reactive to a proactive approach in software maintenance represents a strategic investment in the university's future, one that promises to deliver results  in operational efficiency, cybersecurity, and educational excellence.

... Multiple fatalities are required to erect a speed camera in the UK, don't be like speed cameras.