Q&A: Huge increase in cyber attacks against colleges reported

By Tim Sandle, Oct 8, 2019, in Technology
Cyberattacks against colleges and universities are increasing dramatically, and school officials are often completely unprepared to deal with these attacks. A security expert at Jenzabar provides some insight.
According to Gus Ortiz (Jenzabar), his company used to get calls about serious malware infections in college networks maybe twice a year. Now they’re getting lots of calls about this - including a half dozen just in August 2019. He says these attacks are spiking to all-time highs. And he says they constantly struggle to convince colleges and universities to put in place security measures before they get attacked.
Ortiz explains more to Digital Journal.
Digital Journal: Why are cyberattacks against universities increasing?
Gus Ortiz: Like most crime, cybercrime is a crime of opportunity. Cybercriminals started looking at big targets with deep pockets and they demanded large sums to restore company files. As large organizations have improved their cybersecurity posture and decreased their vulnerability, the criminals have moved on to smaller targets that may not be able to pay as much but are just as vulnerable. What criminals lose by demanding less ransom, they make up for by hitting more targets. Higher Education may not be able to pay millions in ransom, but they can and do pay smaller amounts. The ransomware target has shifted from a few who pay a lot to the many who pay something.
DJ: Where are these attacks coming from?
Ortiz: Most of these criminals are sponsored by or part of nation states that are looking for cash to fund their national goals.
DJ: What forms do these attacks take?
Ortiz: Criminals may use phishing attempts to get their software deployed onto a workstation, then the software tries to replicate itself to as many other machines as possible before running a program that encrypts every file it can reach, whether on the local workstation or on a mapped drive or file server.
DJ: Are there any notable case studies?
Ortiz: Most colleges and universities do not want to talk about what happened to them, what they did to remediate the infection, what they paid in ransom, or what data was lost. Most colleges and universities also lack the resources to do a comprehensive forensic investigation. They are focused on getting access restored to their data and getting back in business as quickly as possible.
DJ: What should students do to better protect themselves?
Ortiz: Students should make sure they have backup copies of papers, reports, grades/transcripts and payments stored off their local disk or the school's file server, either in a flash drive, burned to disk, or in the cloud. If they use cloud storage, they should make sure their cloud login is not cached with their password on disk, or the program may use that open connection to encrypt their cloud files as well.
DJ: What measures should universities and colleges be putting in place?
Ortiz: Many colleges and universities have become lax about basic security fundamentals. Basic steps would include:
Have a robust local security policy, such as requiring complex passwords or passphrases, preset password expiration periods, limiting invalid login attempts, locking out invalid login attempts for a significant period of time, deactivating default logins like the ‘administrator’ login, reviewing admin group membership regularly and having a policy for login deactivation upon employee departure. Publish a list of passwords to NOT use. The famous hack of the Democratic National Committee emails in 2016 was possible because of phishing and the password was a variation on ‘password’.
Have an established patch routine that varies with the area to be patched. For anti-virus/malware software, be sure all endpoints have anti-virus and malware definition updates daily and AV/malware runs nightly. For the operating system, update at least twice a month if not weekly. For applications, run updates when delivered or at least once a month.
Consider keeping a copy of your critical campus data stored off-campus or in the cloud. In the event of a ransomware attack, being able to recover is less expensive than losing data or paying a ransom and hoping to get it back.
Consider using a cybersecurity firm to monitor your network traffic. They can often detect and block probes into a college or university network, or stop an attack from spreading.
Cyber-theft is not going away. While threats may change over time, there will always be bad actors looking to profit at others’ expense. A final recommendation for colleges and universities would be to evaluate moving their student information system and historical data to the cloud. The right cloud hosting increases data isolation and protection from ransomware and other evolving cyber-threats. It should also offer additional alternate site backup storage to speed recovery if some catastrophic event occurs. Since cloud hosting is usually no more expensive than local hosting, colleges and universities can gain substantial protection enhancement at no additional cost. We are aware of several colleges and universities that were hit by ransomware on their campus, but their cloud-hosted SIS and essential student data were untouched and essential school functions that were in the cloud remained operational.
Like most crimes of opportunity, taking away the opportunity is the best first step.