2024 EDUCAUSE Horizon Report: Cybersecurity and Privacy Edition


These are, in many ways, tumultuous times. Global political movements and ideologies continue to erode social ties and disrupt state and national legislative processes. Wars in Eastern Europe and the Middle East threaten to destabilize the global order. And new AI-powered technologies are evolving at breakneck speed, offering the world both the promise of new utopian capabilities and the threat of dystopian collapse. Against this backdrop of seismic change, higher education cybersecurity and privacy professionals must navigate new questions around what needs to be done to keep our institutions and our students safe and secure. This report summarizes expert panelist discussions on these and other emerging trends and offers reflections on where the future of higher education may be headed.

https://tinyurl.com/3ynda58w

| Artificial Intelligence |
| Research Data Curation and Management Works |
| Digital Curation and Digital Preservation Works |
| Open Access Works |
| Digital Scholarship |

"The British Library Hack Is a Warning for All Academic Libraries"


The British Library’s computer systems were recently attacked by the notorious ransomware group Rhysida. The attack led to many of the Library’s core systems remaining unavailable for months and the auction of 573GB of employees’ personal data on Rhysida’s .onion site. Though the Library is slowly recovering and has admirably published their cyber-incident review paper openly, the incident highlights failures of senior management and devaluing of library technical skills that are widely applicable to libraries across UK higher education.

https://tinyurl.com/bdex73fv

| Research Data Curation and Management Works |
| Digital Curation and Digital Preservation Works |
| Open Access Works |
| Digital Scholarship |

Paywall: "GPT-4 Developer Tool Can Hack Websites without Human Help"


OpenAI’s artificial intelligence model GPT-4 has the capability to hack websites and steal information from online databases without human help, researchers have found. That suggests individuals or organisations without hacking expertise could unleash AI agents to carry out cyber attacks.

http://tinyurl.com/24u7bnud

| Research Data Curation and Management Works |
| Digital Curation and Digital Preservation Works |
| Open Access Works |
| Digital Scholarship |

"Deepfake Scammer Walks off with $25 Million in First-of-Its-Kind AI Heist"


The scam featured a digitally recreated version of the company’s chief financial officer, along with other employees, who appeared in a video conference call instructing an employee to transfer funds.

http://tinyurl.com/9aspy8u7

| Research Data Curation and Management Works |
| Digital Curation and Digital Preservation Works |
| Open Access Works |
| Digital Scholarship |

Pew Research Center: What Americans Know About AI, Cybersecurity and Big Tech


Overall, Americans answer a median of five out of nine questions correctly on a digital knowledge survey that Pew Research Center conducted among 5,101 U.S. adults from May 15 to May 21, 2023. The questions span a range of topics, including cybersecurity practices, facts about major technology companies, artificial intelligence and federal online privacy laws.

Some 26% of U.S. adults can answer at least seven of the nine questions accurately, but just 4% can correctly answer all nine.

https://tinyurl.com/582bwmf3

| Research Data Publication and Citation Bibliography | Research Data Sharing and Reuse Bibliography | Research Data Curation and Management Bibliography | Digital Scholarship |

"Digital Information Security Management Policy in Academic Libraries: A Systematic Review (2010–2022)"


Digital information security management (DISM) is considered an important tool to ensure the privacy and protection of data and resources in an electronic environment. The purpose of this research is to look into the applications of DISM policies in terms of practices and implementation in academic libraries. It also identifies the challenges faced by academic libraries in applying these DISM practices regarding policy. A systematic literature review was conducted to achieve the objectives of the study. . . . A few libraries have developed a mechanism to protect and secure users’ sensitive data from hackers, viruses, malware and social engineering. Findings indicated that both organisations and users trust libraries due to their strict privacy and data security policies. However, some academic libraries did not adopt and implement DISM policies in their organisations, even though they had written DISM policies.

https://doi.org/10.1177/01655515231160026

| Research Data Curation and Management Works |
| Digital Curation and Digital Preservation Works |
| Open Access Works |
| Digital Scholarship |

Paywall — NYT Wirecutter: "Why Every Twitter User Should Archive and Lock Down Their Data"


Now is a good time to take steps to lock down your Twitter account, grab what data you can, review where you’re using Twitter to sign in to other online services, and delete anything you’d rather not live on a site that may be on its last legs. Taking these steps could protect you from identity theft or private messages being made public

https://cutt.ly/oMZDWod

| Research Data Publication and Citation Bibliography | Research Data Sharing and Reuse Bibliography | Research Data Curation and Management Bibliography | Digital Scholarship |

"Is Mastodon Private and Secure? Let’s Take a Look"


For basic security, instances will employ transport-layer encryption, keeping your connection to the server you’ve chosen private. This will keep your communications safe from local eavesdroppers using your same WiFi connection, but it does not protect your communications, including your direct messages, from the server or instance you’ve chosen—or, if you’re messaging someone from a different instance, the server they’ve chosen. This includes the moderators and administrators of those instances, as well. Just like Twitter or Instagram, your posts and direct messages are accessible by those running the services. But unlike Twitter or Instagram, you have the choice in what server or instance you trust with your communications. . . . Two-factor authentication with an app or security key is available on Mastodon instances, giving users an extra security check to log on. The software also offers robust privacy controls: allowing users to set up automatic deletion of old posts, set personalized keyword filters, approve followers, and hide your social graph (the list of your followers and those you follow). Unfortunately, there is no analogue to making your account "private. . . . Mastodon users can mute, block, or report other users. Muting and blocking works just as you’d expect: it’s a list associated with your account that just stops the content of that user from appearing in your feed and prevents them from reaching out to you, respectively."

https://cutt.ly/mMZIEtS

| Research Data Publication and Citation Bibliography | Research Data Sharing and Reuse Bibliography | Research Data Curation and Management Bibliography | Digital Scholarship |

"Data Cartels:The Companies That Control and Monopolize Our Information"


Just a few companies dominate most of our critical informational resources. Often self-identifying as "data analytics" or "business solutions" operations, they supply the digital lifeblood that flows through the circulatory system of the internet. With their control over data, they can prevent the free flow of information, masterfully exploiting outdated information and privacy laws and curating online information in a way that amplifies digital racism and targets marginalized communities. They can also distribute private information to predatory entities.

https://www.sup.org/books/title/?id=33205

| Research Data Publication and Citation Bibliography | Research Data Sharing and Reuse Bibliography | Research Data Curation and Management Bibliography | Digital Scholarship |