A network where the primary line of defense is a perimeter firewall is an open invitation for savvy cyber attackers. In a ransomware attack, the breach often starts with a single compromise – a clicked link from a phishing email, a vulnerability in a trusted cloud-based app that compromises files, or leaked credentials – think old user IDs and passwords – that are stolen or bought from the dark web.
Once that compromise occurs, malware is released inside the network perimeter, and with no barriers to stop lateral movement, it can enumerate the network and infrastructure at will – and fast.
That lateral movement is what maximizes the devastation of a cyberattack. Once the malware breaches the firewall perimeter, it compromises additional systems and steals information. Control of the domain controller, or identity infrastructure, allows the threat actor to gain access to nearly all internal network systems. Reconnaissance is then performed to identify sensitive data to steal, locate backup systems to prevent file recovery, and search through finance and human resources systems to identify important documents. Then, ransomware is deployed across the organization, encrypting as many files as possible. The malware leaves behind a ransom note notifying the victim how to contact the threat actor to negotiate and pay a ransom.
The price tag for slow security modernization can be significant. The University of California shelled out $1.14 million to ransomware attackers to take back control of COVID research data. The University of Utah paid $457,000 to stop cyber attackers from leaking the data they had stolen.
And the actual ransom isn’t the only cost. Cyberattacks lead to downtime, loss of productivity, and other operational expenses, making the true cost of a breach much higher.
Stop Threats with Zero Trust
The best way to contain a threat is to never let it on the network. To accomplish this goal, the federal government and private sector organizations are turning to a zero trust architecture, which restricts access and minimizes the attack surface, thus reducing exposure to threats. It also prevents lateral movement in case of a breach.
In a zero trust architecture, no network segment is assumed trustworthy. Instead, all connections must be authenticated regardless of where or how they originate. Furthermore, granular authorization ensures access is limited to a specific resource (such as an app or a database). If the user attempts to access another resource, authentication and authorization are evaluated again.
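As an added illustration (not part of the original article), the per-request evaluation described above can be sketched as a small policy decision function. The grant table, user names, IP addresses and the 15-minute re-authentication window are constructed assumptions.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy: explicit (user, resource) grants.
# Anything not listed is denied (default deny).
GRANTS = {
    ("alice", "hr-app"),
    ("bob", "finance-db"),
}

MAX_AUTH_AGE = 900  # seconds; hypothetical re-authentication window


@dataclass
class Request:
    user: str
    authenticated_at: Optional[float]  # None means no verified identity
    resource: str
    source_ip: str  # kept for logging only; never used to grant access


def decide(req, now=None):
    """Evaluate one request to one resource; return (allowed, reason)."""
    now = time.time() if now is None else now
    if req.authenticated_at is None:
        return False, "unauthenticated"
    if now - req.authenticated_at > MAX_AUTH_AGE:
        return False, "authentication expired"
    if (req.user, req.resource) not in GRANTS:
        return False, "no grant for resource"
    return True, "granted"


def demo(now=1_000_000.0):
    """Run constructed requests through the decision function."""
    fresh = now - 60
    requests = [
        Request("alice", fresh, "hr-app", "10.0.0.5"),         # internal, granted
        Request("alice", fresh, "finance-db", "10.0.0.5"),     # same login, other resource
        Request("bob", fresh, "finance-db", "203.0.113.9"),    # external, granted
        Request("mallory", None, "hr-app", "10.0.0.7"),        # internal, no identity
        Request("bob", now - 3600, "finance-db", "10.0.0.8"),  # stale authentication
    ]
    return [decide(r, now) for r in requests]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The internal address 10.0.0.7 gains nothing without a verified identity, and the grant for hr-app does not carry over to finance-db; each resource is evaluated on its own.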
When properly implemented, a zero trust architecture empowers administrators with simplified, granular access and an improved user experience with no steep learning curve. Simply put, access is identity-centric, connecting authorized users to sanctioned applications.
Zero trust is not simply about a single technology like identity management or network segmentation; it’s a foundation for a security ecosystem. The heart of this ecosystem is the zero trust technology platform. Using a platform-based approach, users can get to any application or data they need (and are permitted to access) without ever getting on “the network”.
To guard against modern security threats including malware, hackers, criminal or state-sponsored organizations, and ransomware, higher education institutions should focus on consolidating to a unified security platform, choosing one that is expressly designed for zero trust security and high performance. Under one unified platform, institutions can operate under any conditions, at any scale, anywhere in the world, regardless of user device or location – all while guarding against costly cyberattacks.