Colleges and universities have recently seen a startling increase in cyberattacks, especially ransomware attacks. A sophos studio (PDF) conducted in January and February 2022 found that 64% of higher education organizations had been affected by ransomware attacks in the previous year, a significant jump from 44% the previous year. Why was there such an increase?
For starters, higher education institutions hold a lot of sensitive data, including personal and financial information about students and their parents. Many universities also work with government agencies on cutting-edge research, attracting interest from nation-state actors. Part of the vulnerability problem also stems from the collegial nature of higher education, where information must be shared.
But one of the main reasons educational organizations have become such a popular brand is that they are easy targets. Institutions often struggle with the basics of cybersecurity in terms of policies, procedures, and weak defensive tools. Smaller colleges and universities often do not have dedicated information security staff, security budgets are tight, and at least one institution, there was faculty resistance to endpoint detection and response (EDR) software. due to privacy concerns. Higher education also struggles with the IT talent retention problem seen in other industries.
Weak security practices, a wide range of vulnerabilities, and slow remediation times combine to make higher education institutions a potentially profitable target for attackers. According to that same Sophos report, ransomware attacks against higher education organizations pay attackers at a higher rate than targets in other industries: 74% of ransomware attacks succeed in encrypting data, as opposed to fewer attacks. successful in sectors such as healthcare (61%) or financial services (57%).
Five steps to improve defenses
Security budgets and the realities of academic life may not change for organizations anytime soon, but that doesn’t mean institutions can’t implement changes that will make their data more secure. Here are five solid steps schools can take now to improve their defenses.
1. Implement multi-factor authentication
One of the most important steps organizations can take is implement multi-factor authentication (MFA), particularly considering the increased use of remote access in the pandemic era. Widely available tools make it trivially easy for a criminal group to find easy targets that only require a username and password to enter a network. By using stolen credentials, guessing commonly used passwords, or successfully phishing faculty and staff, they can appear to be an authorized user and bypass many controls.
2. Test and protect your backups
Reliable backup systems are essential these days, especially with the rise in ransomware attacks. Before ransomware operators inform an organization that they have been attacked, they search for and destroy the supporting data. By encrypting or corrupting the backup data, they reduce the likelihood that the target will successfully survive the attack without paying the ransom.
Protected backup systems, maintained separately from the rest of the network, allow for effective recovery strategies and can (in some scenarios) allow organizations to refuse to pay a ransom. immutable storage It’s also available through major cloud providers, preventing data from being changed or destroyed, even by administrators, for a set period of time.
3. Prioritize patch management
Applying security updates and patches in a timely manner is a basic step that organizations often overlook, leaving gaps in their network protection.
Poor patch management can be attributed to a number of factors, such as overloaded IT teams or a reluctance to deal with downtime (“we’ll do it over the holidays”). But the main cause of poor patch management is that many teams simply don’t have a routine process for patching. In many cases, teams apply and manage patches in an emergency, which is often too little too late.
Establishing a patch management schedule, and sticking to it, can reduce security risk and provide greater stability to your environment.
4. Remove local admin rights, manage global admin rights
Granting administrator rights to users who don’t need them is a widespread problem that makes life easier for attackers. Compromising superuser credentials gives attackers free rein to move around the network, install applications, change settings, and steal or encrypt data.
Maintain good user account management with powerful permissions across the entire network (for example, domain administrators in a Microsoft domain). This includes monitoring the membership of powerful groups and changing the passwords of powerful accounts when someone who knows those passwords is terminated.
5. Know what your network looks like
A good way to assess your security posture is to understand how an attacker views your network. They should only see websites, not file servers, management consoles, databases, or anything else that might be on an internal network. Regularly scanning Internet-facing systems can help organizations understand and limit their exposure. Universities can find countless open source tools and commercial solutions that do an excellent job of assessing network risk factors. Vulnerability scanning is also available free from some state governments and the US Cybersecurity and Infrastructure Security Agency.
Good cybersecurity hygiene is not expensive
Higher education institutions are a great target primarily because they have a lot of sensitive information and are often under-resourced. But colleges and universities can protect themselves by following basic cybersecurity hygiene. The five steps listed above are not complicated or expensive, but they are often ignored. Following those steps can help schools avoid becoming the next ransomware holder.
Source: news.google.com