II. Risks of Hacking Protection in Universities
1. Excessive Reporting and False Positives
An improperly configured Intrusion Detection System (IDS) may generate significant number of false positives that overwhelm universities' IT security resources and obscure valid hits. Over-monitoring of data volume or keywords / data patterns can easily exhaust limited resources and result in delay or even interruption to service provision.
2. Improperly Configured Security Infrastructure
When a security infrastructure is not able to handle the amount of network traffic, due to either insufficient consideration of traffic volume during the design stage or increased network traffic over time, some network packets may be missed or dropped, allowing certain data to pass uninspected. It may render hacking protection ineffective when unauthorised transmission of sensitive data to external parties is ignored.
3. Conflicts with System Performance and Operations
Hacking protections, especially intrusion detection systems, can cause compatibility issues when conflicting with other systems and software. For example, some application software cannot run properly on encrypted hard drive. Applications errors or performance degradation are two common results of such conflicts. In worst case, the compatibility issues may cause the abnormal termination of other security controls and expose universities' information system to even great risks.
4. Over Protection against Hacking
Universities must pay extra attention to strike a balance between risk of exploitation and operational level. Otherwise, inadequately tuned security infrastructure may cause disruption of universities' operation, waste of staff or students' time, damage to relationship with external parties such as contractors and the public. E.g. blocking employees sending sensitive data to authorised external parties; disrupting normal e-mail services used by universities.