University’s Security Teams Must Work Under The Assumption That A Successful Cyber Attack Will Occur
Response from Doron Pinhas, CTO, Continuity Software.
As higher education institutions compete for prospective students and look to improve offerings for those during scouting, registration and on campus, universities are already using innovations such as artificial intelligence-enabled teaching assistant programs and advanced data collection and analysis to gain an edge.
The IT environments on which universities depend are most often hybrid and multi-cloud, and because of all the new technologies should be available 24X7. Think about course registration system that is down exactly as everyone is trying to register.
From a cybersecurity perspective, the university’s security teams must work under the assumption that a successful attack will occur, and ensure the organization’s ability to recover its systems and data in a very short time from such an event;
One pressing area of improvement is assuring the ability to recover your data. One of the most alarming scenarios of a cyberattack is when both the data and its backup are destroyed in a hacking incident, thus leaving the organization with no way to recover.
This could be a result of a ransomware attack where encrypted data has been propagated to the recovery copies or because the attacker stole credentials allowing the deletion of both data and its backup. An attack with such consequences can derail any organization, leading to severe business outcomes.
We see many organizations looking at automating cyber resilience configuration assessments, whose aim is to ensure that recovery and backup copies of data are kept in a secure and isolated manner while meeting cyber-recoverability configuration best practices and compliance with regulations and standards and security baseline requirements.
These objectives are achieved using automatic and continuous processes of knowledge-driven IT configuration analysis to ensure compliance with vendor and industry best practices, and detection and repair of deviations from best practice.