10 steps to protect against higher ed “hacktivism”

By Meris Stansbury
September 19th, 2016

The how’s, why’s and what-to-do’s of cloud security in higher education.


According to a number of cybersecurity experts, no platform or industry is immune from data breaches, especially as targeted “hacktivism” is on the rise, says John Wethington, cybersecurity executive at Ground Labs. But if the cloud is “only as safe as the administrative credentials of a single person,” how can colleges and universities focus on identifying all of the data they have and reducing their digital footprint?

In 2015, Ken Westin, senior security analyst at Tripwire, as well as FBI experts working the case, said Penn State’s attack by Chinese cyber terrorists was part of a larger campaign targeting similar departments and groups in higher education in a search for intellectual property. Now, in 2016, during an interview with Wethington on cloud security issues in higher education, it seems this type of what he calls “hacktivism” is on the rise. [Read: “Is your institution under Chinese cyberattack?”]

“Malicious actors often choose specific industries or segments for attack because they need a clearly defined ‘target’ or simply because of political or social reasons,” said Wethington. “Nation state hacking is also on the rise and the stakes have never been higher. The race to innovate is greater than it ever has been before in human history. Any edge on a corporate competitor or rival nation can be a game changer. Institutions should focus on protecting the sensitive data including intellectual property within their organizations as a daily practice. Worry has never gotten anyone anywhere in security, but proactive measures can win the day.

And when it comes to proactive measures, Ground Labs recommends 10 specific steps as part of a comprehensive action plan to address sensitive data in college and university environments:

1. Identify all sensitive data in your environment. This can be done using automated solutions like Enterprise Recon 2.0.

2. Map all data “creation” processes.  In other words, understand how and why the data is generated in the first place.

3. Institute “least privilege” policies to reduce the number of credentialed users who have access to the data.

4. Securely delete or anonymize data that is no longer needed. If you can’t tie it directly to the operation of the institution within the last 36 months and it is not regulated data that requires retention it should be deleted.

5. Encrypt any remaining data and ensure that it remains encrypted while in transit and at rest.  Make sure the keys are locked up in a safe place otherwise the encryption is useless.

6. Continuously scan and monitor the sensitive data posture in your environment.  New data is created every day and it must be protected on every endpoint.

“Data loss should be priority number one,” said Wethington, when asked which of the Cloud Security Alliance’s (CSA) “Treacherous 12” cloud security threats was most important. “Many of the other issues listed are symptoms of the same threat. Hackers don’t create malware or break API’s for fun, they do them so they can get into the systems that contain the data. Protecting the data is why we put in firewalls, anti-virus, and anti-malware. It is why we have passwords. By focusing on data security within the institution we can quickly begin to identify the gaps in securing the data. These gaps can then be filled by solutions that meet the organization’s needs.

(Next page: Cloud security recommendations 7-10)

Add your opinion to the discussion.