Page 18 - Campus Security & Life Safety, March/April 2022
Add a New Dimension to Ransomware Defenses in Education
It’s clear that ransomware attacks are on the rise, and education provides an attractive landscape for cyber thieves.
According to a recent study tracking ransomware in K–12 and higher education, ransomware cost U.S. schools and colleges over $6.6 billion in 2020. An estimated 1.36 million students were impacted, including students and staff at the University of California (ransom paid: $1.14M), the University of Utah (ransom paid: $457,000), and Imperial Valley College (ransom paid: $55,068). The twin threats of downtime (affected institutions suffered an average of seven days out of commission) and data loss (the Clark County School District revealed over 44,000 student records were affected) have consequences. Our students stand to miss out on millions of instructional hours while also confronting the long-term concerns of personal information in the hands of cybercriminals.
It is, therefore, no surprise that ransomware has risen to the top of the priority list for most education information security professionals. Defense-in-depth is a time-tested cybersecurity tenet, and fortunately, ransomware defenders now have a robust new defensive layer in the form of AI-powered data governance tools. By improving content awareness, these tools help educational institutions harden data against loss and better understand the extent of a potential attack.
Today’s most effective ransomware strategies focus on two defensive “layers.” First, reduce the number of entry points cyber criminals can find into the environment. Monitoring for suspicious activity, checking emails for malware and training users on good internet hygiene minimize risk by reducing weak entry points. Second, insulate against loss by backing up critical data. The best backup strategies are pervasive, professionally managed and can quickly bring mission-critical data back online.
Content awareness—knowing what data you have, where it’s located, and how it’s shared—adds a third layer of resiliency against ransomware. With content awareness, you can tighten access, relocate data and make informed decisions in the heat (or aftermath) of an attack. To better understand how this works, consider how a cyber thief might plan, execute and monetize an attack.
Cybercriminals need to control an account before they can do any damage. But malicious email campaigns and social engineering efforts don’t always yield high-value rewards. Nabbing a “juicy” account requires more than a bit of luck. Sometimes an account has access to a wide array of files and data. Sometimes it doesn’t. The goal is to keep accounts safe, but if an attacker manages entry, it's important to minimize what exactly they can access.
Most of today’s campus ransomware mitigation strategies focus on keeping accounts safe, and that’s a great start. But these defenses are only one part of the big picture. All too often, access to sensitive data is far too broad. Least-privileges access frameworks, which bound access to only necessary data, are an effective way to limit exposure. Least privileges is a damage-limiting strategy—not a prevention or recovery strategy—that augments and adds depth to other strategies focused on keeping malware out or recovering lost data.
With most education organizations containing a daunting number of files with a wide range of private content, it’s extremely (and understandably) hard for even skilled campus IT teams to evaluate, understand and protect data. That means end-users often control who can and can’t see their content. And sometimes, that sensitive university document or the spreadsheet with embedded private student information is shared far more broadly than necessary. Oversharing puts about 12 percent of all critical documents at unnecessary risk of becoming a ransomware target.
By Scott Lucas
Tightening access controls is where new AI-based data access governance solutions can help on campus. They work by scanning a school’s millions of documents using natural language processing algorithms to categorize content and evaluate oversharing. They have proven decisive in helping limit unnecessary access—and the ransomware risks that come with it.
Content awareness also helps when responding to attacks in progress. Ransomware can do substantial damage to data in place, which means compromised data doesn’t have to move to be lost. Therefore, campus network perimeter protections are of limited use when it comes to spotting or stopping in-progress attacks. That introduces a new level of complexity when planning for ransomware. Education security teams need to shift focus from a few perimeter control points to thinking about how to secure—at a file-level—the staggering amount of data located across the corpus of campus data. (It’s worth noting the rise of so-called “hybrid” ransomware attacks, where data is both encrypted in place and exfiltrated. Perimeter defenses can protect against exfiltration, but they can’t stop in-place encryption.)
Ultimately, content awareness is invaluable when an IT team confronts the heat of unwanted encryption in progress or a subsequent ransom demand. Knowing whether to pay to recover private files and data is difficult under any circumstance. But making that decision with a complete understanding of precisely what data is at risk of loss is far better than having to make it not knowing what might be lost. An attacker often doesn’t know if what they have is valuable or not. Having content awareness can give schools the advantage in this scenario.
Ransomware is, without a doubt, a key concern for campus IT teams, and content awareness is a powerful defense. By augmenting campus anti-malware, anti-phishing and backup efforts with least-privileges access control, IT teams can reduce the damage if and when an attack occurs. Content and activity awareness establishes a baseline that informs attack responses and ransom negotiations. Security professionals and IT leaders significantly benefit when they have a clear understanding of what data is at risk.
Modern AI-based technologies autonomously scan all campus IT content—whether structured or unstructured, in the cloud or on-premises—so IT teams can benefit from content awareness without adding staff or complicating user workflows. Content awareness adds depth to schools’ existing defenses against account capture and unwanted encryption, helping organizations prepare for and respond to ransomware attacks. It deserves a place high in K–12 and university IT teams’ anti-ransomware strategies.
Scott Lucas is the Head of Marketing for Concentric AI.