Although Cybersecurity Awareness Month has officially passed, it doesn’t mean bad actors have gone into hiding or critical vulnerabilities have disappeared.
As higher education has dramatically transformed and continues to do so thanks to the pandemic, there are more complexities to an institution’s infrastructure and network operations that didn’t exist 18 months ago.
Cybersecurity and ransomware attacks ramping up
Attackers are opportunistic in nature. As our institutions’ information increasingly moves away from the data center down the hall and our people are increasingly no longer behind firewalls, the adoption of new technologies to maintain visibility and control takes time – and vulnerabilities can creep in.
Many organizations are struggling with ramping up their teams, knowledge, and awareness around cloud identity, cloud storage, and how to properly re-baseline their security posture. Unfortunately, many successful attacks are not complex but are simply taking advantage of the gaps within the college’s network.
Shoring up your information security efforts
Institutions and their IT teams should know what they are protecting and confirm which risks have been mitigated versus those that have not. Cloud adoption, the shift to remote learning and remote work, and shadow IT all contribute to potential blind spots that can catch teams off guard even with the best technologies in place.
It’s also important to connect with and listen to your constituents. A university’s leadership teams, peers, and external parties, including outside counsel, regulators, and insurance providers, are all on your side–nobody wants to deal with a breach event. Find out what they care about (where are your “crown jewels”) and get their support to identify security champions across the extended organization who can scale the visibility into potential vulnerabilities.
In addition to getting cross-departmental support and buy-in, review your incident response plans and ensure they are getting updated on a regular basis. One of the best things an institution can do is a “table-top test,” which is a simple walk-through of your plan using a particular “what if” scenario. Clearly designate your key internal and external contacts, including vendors, law enforcement, and insurance providers. Identify and compile a list of all resources that can quickly mobilize to support your institution.
Take your risk temperature with assessments
There are many excellent resources available for building out or improving a higher ed risk assessment program. Understanding your critical data and related data flows is an excellent start. From there, focus on new service introduction and on having productive conversations with your constituents who are looking to bring on new technologies. Methodologies as simple as the Mozilla Project’s Rapid Risk Assessment or more advanced Threat Modeling frameworks such as STRIDE help to frame an understanding of data types, data flows, and threats, and can help align the institution towards high-level security objectives. Next, go back through your existing services to build out additional risk management backlogs. Many organizations re-assess critical systems on an annual basis.
Technologies and threats evolve – so should your security roadmap
Staying on top of new technologies and new threats is job number one. Learn from other institutions’ experiences to further tune your security roadmap. Many organizations have moved events such as security conferences and CIO summits to online formats. Make a point to attend more of these and take plenty of notes to feed your plans. Subscribe to alerts from your vendors, partners, and public agencies such as CISA to understand where attackers are focusing their efforts. We’re all in this together.
When looking for technology partners to support a new initiative or digital transformation efforts, information security transparency is key. Institutions should use resources such as EDUCAUSE’s Higher Education Community Vendor Assessment Tool for a head start on knowing what questions to ask. Find out how well the solution fits into your technology plans. Can it feed into your security tools? Does it support your identity management strategy?
Getting in front of vulnerabilities and the last stage of an attack – ransomware
Ransomware is what can happen in the late stages of an attack. There needs to be a way onto the network, and typically some level of identity and/or device compromise before attackers can deploy ransomware or malware or start to identify and exfiltrate key data. Protecting your institution at these early stages will go a long way towards protecting you in the latter stages. This means that the basics are still important – patch management programs, multi-factor authentication for all remote access, and strong endpoint security controls such as EDR/XDR solutions can help prevent and identify the early stages so your teams can react quickly.
With a mix of private and public clouds, a diverse constituency, and different access points at every turn, institutions face an increasingly complex and growing threat against breaches in information security – some based on malfeasance and others simple negligence. Getting ahead and staying diligent with your information security efforts on a 24/7 basis will minimize risk and safeguard your entire community.
Richie Rodriguez is the Chief Information Security Officer at Anthology.
- A bungled FAFSA rollout threatens students’ college ambitions - April 19, 2024
- Using real-world tools to prepare students for the workforce - April 18, 2024
- 8 top trends in higher education to watch in 2024 - April 16, 2024