Question: What are some tips and guidance for educational entities to ensure the safety and security of their IT data. What steps can and must IT leaders in schools, colleges and universities take to protect their back end data and information, and what should they be most aware about the current threat landscape?
Educational institutions are especially have unique challenges because of the large variety of different end-points that are brought into their environments. It is critical that the IT data is segregated from the networks that can be accessed by these un-managed end-point devices (such as personal mobile phones/laptops etc.). Once the IT data is isolated from the internal unintentional harm, the infrastructure security posture needs to be hardened by modern and thorough unified threat management (UTM) system.
The key tip is to keep these UTM systems up to date and current to avoid new threats. For easier consumption of UTM services, a cloud delivered UTM can be leveraged either instead of or in conjunction with on-premise based UTM solutions. In either case, considering a managed UTM solution should be considered as this will provide the security that the organization needs without significant IT effort, but rather receiving the benefits as a managed service.
Schools are especially prone to ransomware attacks, due to the combination of weak security protocols, out of date computer equipment, and a lack of skilled staff. Digital infections can spread among school computers much the same as biological germs spread among students. Security is unfortunately quite a lot like a treadmill – it never stops. You can never arrive at a state of solid protection, because what was good enough yesterday won’t be good enough tomorrow. New vulnerabilities are continually being found. The need to invest in basic online hygiene is constant.
The best security leaders have given up on implementing perfect protection, focusing instead on Digital Resilience. It’s not possible to stop every attack, but it is possible to plan ahead for how you will withstand and recover from attacks. This requires detailed knowledge, ahead of the attack, about your whole network, so that you know how to recover when any part is damaged.
Schools plan for many different kinds of disruptions – extreme weather, earthquakes, etc. What all schools have in common is they are online, and this means planning for an online disruption is mandatory. A good way to start is by mapping out the school’s network of resources, to understand what depends on what.
Sivan Tehila, director of solution architecture, Perimeter 81
Cyberattacks are becoming more and more frequent and sophisticated. While at the same time, many organizations are adopting cloud-based infrastructures. This is why cloud accounts are being targeted more than ever. The easiest way to hack into your cloud environment is by exploiting the cloud account credentials. As well, there are many different types of threats for cloud environments, such as cryptojacking, insecure APIs (application programming interfaces) and more.
However, insufficient Identity accesses are the best vulnerability for an attacker to exploit. This is why we will probably see a high demand for identity providers and single sign-on capabilities and especially Zero Trust remote access solutions.
Response from Samir Tout, professor of information assurance, School of Information Security and Applied Computing, Eastern Michigan University.
Samir Tout
In the last decade, we have witnessed a shift in the IT landscape with the rise of cloud computing, mobile devices and the Internet of Things (IoT). As a result, a new era has begun—one that brings along promising infrastructural enhancements, albeit with new challenges to the modern enterprises, including educational institutions. This necessitates that IT leaders at schools and universities perform a thorough analysis of how this will impact their systems, networks, and most importantly their data.
Educational institutions produce a massive amount of data about their students and staff. Such data constitutes a luring treasure trove for hackers who may launch advanced attacks against various layers of the school/university systems. IT leaders at these institutions must pay attention to key measures that are still common even to a great degree to the modern IT landscape.
If established, these measures would mitigate or possibly eliminate the risks of potential intrusions. They include: system hardening, secure perimeter architecture, anti-malware and endpoint defenses, strong encryption, establishing and adopting security policies, and applying information security principles such as least privilege, separation of duties, and role-based access control.
Furthermore, one of the most forgotten yet important measures is security awareness training and professional development for the staff that maintain the institution’s infrastructure. This has become even more vital with the advent of the modern IT landscape mentioned above, as staff members must stay up-to-date or otherwise risk being ill-equipped to properly maintain the infrastructure and its hosted data.
IT leaders must set strategic goals that embrace the above measures as part of the fabric of the institution. This means, among other things, that they include them in their strategic plan, allocate proper budgets for them, and support them with resources and, when necessary, expedited approvals.
Good cyber hygiene is critical to protecting “back end data.” Regular software updates and patch management are critical in mitigating known software vulnerabilities.
Two-factor authentication is vital to hedge against phishing and other social engineering attacks. Appropriate data encryption serves to protect critical data. And, vulnerability scanning/management of the environment is key to identifying and closing all known system vulnerabilities.
Modern firewalls and end-point protection protect against ransomware and reduce the overall threat landscape. And cyber security awareness training for all users is critical to help them understand common social engineering-based threats and attacks. Assess and validate cyber security controls in place to protect data stored in any hosted/cloud-based system.
The current IT landscape is full of concerns. Anything that cybercriminals can monetize is a risk. Probably the most common problem I hear about is ransomware, which can be addressed by managing patches/updates and ensuring off-site backups are regularly completed (and isolated).
Schools are especially prone to ransomware attacks, due to the combination of weak security protocols, out of date computer equipment, and a lack of skilled staff. Digital infections can spread among school computers much the same as biological germs spread among students. Security is unfortunately quite a lot like a treadmill – it never stops. You can never arrive at a state of solid protection, because what was good enough yesterday won’t be good enough tomorrow. New vulnerabilities are continually being found. The need to invest in basic online hygiene is constant.
Cyberattacks are becoming more and more frequent and sophisticated. While at the same time, many organizations are adopting cloud-based infrastructures. This is why cloud accounts are being targeted more than ever. The easiest way to hack into your cloud environment is by exploiting the cloud account credentials. As well, there are many different types of threats for cloud environments, such as cryptojacking, insecure APIs (application programming interfaces) and more.
