With the fall semester coming to a close, colleges are universities are focusing on how to improve the student experience and ensure physical as well as data security.
While it’s nice to have students, faculty, and staff back together, academic institutions are not immune to the increased risk of cyberattacks that are plaguing organizations across industries. In fact, according to the FBI, ransomware incidents almost doubled during the back-to-school season compared to the first half of the year. Colleges and universities worldwide experienced a surge in ransomware attacks last year, with significant operational and financial consequences. A new report reveals that nearly three-quarters of ransomware attacks on higher education institutions succeeded, with few retrieving all of their data, even after paying the ransom.
Unfortunately, universities are a prime target for cyberattacks because of the sensitive data they house and their typically open-access cultures. With massive databases of administrator, professor, student, and alumni personally identifiable information (PII), making them a goldmine for cybercriminals. Institutions of higher learning also often have lucrative research contracts with federal agencies, making them juicy targets for industrial espionage. To strengthen defenses against ransomware threats and build stronger data security in higher education, institutions can increase their use of cyber intelligence. Not only can cyber intelligence act as an early warning system for ransomware and other cyber threats but when used proactively can also help to prevent ransomware attacks from happening in the first place.
Continuing Cybersecurity Education
The FBI, Cybersecurity and Infrastructure Agency (CISA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) recently issued a joint advisory that the Vice Society – a threat group first seen in 2021 – has been targeting the U.S. education sector with ransomware attacks. These attacks work by installing malicious software on an organization’s systems or network infrastructure that then takes over control of the information stored there. This information can be held ransom until the organization pays to get it returned or sold on the internet to other cybercriminals.
Combating ransomware and other malicious activity is typically more difficult for higher education than other industry verticals. This is primarily due to the inherent (and necessary) openness afforded by institutes of higher learning. But that doesn't mean those institutions can't do some of the straightforward things to keep their students, faculty, data, systems and network safe. Specifically, first and foremost, an institution’s IT department should demand and ensure that all software and/or firmware are kept up-to-date. When security patches are released, they should be immediately installed. Second, strong passwords should be enforced with a rotation policy if at all possible. MFA should be employed on any and all critical system access, where critical systems are identified by not just the IT department, but also by department heads. Third, constantly remind staff and students of the importance of being vigilant for phishing and related attacks. One great way to do this is using posters placed in dining halls and outside classroom hallways. When students and faculty repeatedly see them, they will - consciously and subconsciously - remember to be vigilant. And finally, invest in cybersecurity solutions that are able to use a plethora of constantly updated data sources identifying malicious actors and bad behavior with an active blocking capability. No solution is perfect, but the combination of those four things are a great way to achieve reasonable cybersecurity without undue burden.
One of the most challenging aspects of cybersecurity is the rate at which threats evolve and change. As new patches and security measures are created to fix past exploits and vulnerabilities, cybercriminals find new exploits and vulnerabilities, and the cycle begins again. Keeping people, as well as software, up to date on the latest threats is a challenge and a full-time job in and of itself – and that’s a challenge even for cybersecurity professionals! In order to combat the 'bad elements' responsible for this behavior, you have to leverage all of the 'good elements' available to you.
When a software publisher releases new security updates, we are being remiss if we aren't installing them immediately. If we're choosing a common password and not using MFA, we're not doing ourselves any favors. If we're falling victim to phishing attacks because we don't know the signs of such an attack, then someone hasn't done a good enough job educating us on what those attacks look like. If we aren't architecting new infrastructure and systems without considering how it will be attacked, then it will be compromised. If we aren't investing in the latest technologies that provide true automated, active protection that can leverage all of the available cyber and threat intelligence being generated by all of the 'good elements' out there across the globe, then we can't expect to keep pace with the ever-evolving and growing number of bad actors.
Understanding what your organization is up against can help you better prepare for inevitable attacks and help you establish an active, rather than reactive, cybersecurity defense posture.
Pat McGarry is the Chief Technology Officer at ThreatBlockr.