Innovation in Education | CAMPUS TECHNOLOGY – learn more at campustechnology.com
Planning for the Worst Day
IT security in the new normal requires a combination of human smarts, planning and preparation, peer guidance, and well-chosen technology. Anything less and you’re putting your campus community at risk.
IT HAS BEEN A HARD YEAR FOR THOSE IN CHARGE
of cybersecurity, especially so for people who handle
information security in colleges and universities. According to one report, ransomware campaigns against higher education doubled in 2020 compared to 2019, with an average ransom demand of $447,000. “This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible,” stated the director of a national cybersecurity center last fall.
The seemingly unstoppable assault on higher ed could almost be predicted. Traditionally, criminals tended to be opportunists; they’d strike at random and hope to get lucky. Now they’ve organized into highly sophisticated networks and
Two non-technical elements also play a role in the success of information management success. One is the use of community insight, such as that provided by Internet2’s NET+ program, to make sure the school is choosing the right security solutions for campus use and getting the best pricing for it. The other is making sure IT staff isn’t burdened with boring work.
cartels that will target any entity of substance they consider a viable target. Higher ed fits the profile. Schools have long collected plenty of personal data and developed valuable research while also trying to maintain an institutional personality that values openness over restriction. But the pandemic opened the floodgates, as people headed home to work and learn. As one analysis put it, “A greater reliance on home networks, a need to prioritize continuity over security and a rapid increase in points of attack will always make an organization more vulnerable to cyber threats.”
Remote access systems, including remote desktop protocols and virtual private networks, offer the most
common infection vectors, allowing an attacker to gain access to a victim’s network through weak passwords, polished phishing, lack of multi-factor authentication, insecure RDP configurations and unpatched software. Once inside the network, the attacker may destroy backups and auditing devices to thwart recovery, they may encrypt whole virtual servers, and they’ll use pre-written scripts to deploy malware to automate the destruction of other resources.
Zero-Trust and Defense-in-Depth
Some institutions are better positioned to withstand cybersecurity attacks than others. A combination of zero- trust and defense-in-depth allows these schools to defend against malware and ransomware. A zero-trust approach means that nobody is trusted, whether they’re inside or outside the network. When users try to log on to network resources, they have to verify who they are, where they are and why they should be allowed access. Defense-in-depth requires multiple, overlapping layers of security controls. Should one layer fail, another one is ready to protect.
Technology plays a critical role in cybersecurity oversight. Among the components to arm your operations with are:
ƒ VISIBILITY. Campus IT needs a consistent view
into how data flows through the network, cloud and endpoints. Otherwise, security systems will continue to be a hit-and-miss remedy.
ƒ AUTOMATION OF THE “EASY” STUFF and use of artificial intelligence to keep up with the onslaught of attacks, recognize where anomalies have surfaced and do remediation without the constant need for human intervention.
ƒ FRONTLINE DNS DEFENSE to stop bad traffic coming from a multitude of remote directions long before it hits the network infrastructure.
ƒ SMART USE OF THE PUBLIC CLOUD for maintaining secure backups without the burden or expense of doing storage administration in-house.
Two other non-technical elements also play a role in the success of information management success. One is the
2 | SPONSORED CONTENT