Ransomware is the fastest growing malware threat, and higher education institutions are not immune to ransomware attacks that target systems and critical data files for the purpose of extortion. Ransomware is frequently delivered through spear phishing, and the malware can leverage system vulnerabilities, weak security, and the bad choices of users to deliver weaponized encryption that locks out access to data and systems. We will consider the implications of ransomware for higher education institutions while examining practical security controls that can be effective in defending against attacks.
Ransomware is easy for criminals to deploy in attacks against either individuals or organizations, and it presents little risk to the adversary, who can demand ransom in cryptocurrency without having to monetize stolen data. The availability of ransomware as a service on the dark web has made it easier for malicious actors to launch attacks. In recent data breach studies, ransomware attacks accounted for 24 percent of incidents where malware was used. The prevalence of ransomware attacks against various sectors has varied from year to year, but higher education institutions have become unfortunate targets, with some attacks targeting sensitive data such as student information systems and college admissions databases. In late 2016, 13 percent of higher education institutions had ransomware on their networks, a higher rate than in other sectors. For educational institutions with responsibility for safeguarding data covered by HIPAA, it should be observed that ransomware incidents constituted over 70 percent of malware outbreaks in the healthcare sector.
Our colleges and universities showcase a culture of academic freedom that promotes an openness to sharing data among faculty and students, support for a bring your own device environment, and a warm welcome for visiting professors and speakers. Protecting information in such an open environment can be a balancing act and requires a collaborative and strategic approach to mitigating risk.
“Prevention is the most effective defense against ransomware,” and with regard to technical controls, it is mission critical to build an IT infrastructure and environment that emphasizes multilayered capabilities. Next-generation firewall technology provides improved perimeter security, while best-of-breed endpoint security helps protect desktops and laptops. Adopting a proactive approach to vulnerability management is important, especially for servers on your network, with regular scanning and a coordinated process for remediating high-risk vulnerabilities. Aggressive patch management on both servers and desktops is necessary to reduce vulnerabilities and prevent machines from becoming sitting ducks waiting to be exploited by ransomware variants that keep evolving. Beyond obvious security controls such as maintaining strong spam filters, email security can also leverage data loss prevention capabilities to help prevent the exfiltration of sensitive data. Universities have also strategically deployed SIEM (Security Information and Event Management) capabilities such as Splunk in order to detect threats such as ransomware by pulling in audit log data from different systems and leveraging the power of advanced analytics and threat intelligence.
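The SIEM use case above, detecting ransomware from audit log data, comes down to an analytic run over file-activity events. The script below is an added example, not code from the article or from any SIEM product: it implements one such analytic, a sliding-window rule that flags a host/user pair that modifies many files across many directories in a short time, which is what mass encryption looks like in file audit logs. The log format, the thresholds, the host and user names, and the ".locked" suffix in the sample data are all constructed assumptions for the example.

```python
"""Added example: a sliding-window mass-file-modification detector over
constructed file-audit log lines, the kind of rule a SIEM would express.
Not code from the article; the log format and thresholds are assumptions."""
import os
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format, one event per line:
#   <ISO-8601 timestamp> host=<host> user=<user> action=<read|write|rename|delete> path=<path>
# For "rename", path is the file's new name. Paths contain no spaces.

WINDOW = timedelta(seconds=60)  # assumption: detection window
EVENT_THRESHOLD = 20            # assumption: write/rename events per (host, user) in the window
DIR_THRESHOLD = 5               # assumption: distinct directories touched in the window
MODIFYING_ACTIONS = {"write", "rename"}


def parse_event(line):
    """Turn one audit log line into a dict; raises ValueError on malformed input."""
    ts_text, rest = line.strip().split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split(" "))
    for required in ("host", "user", "action", "path"):
        if required not in fields:
            raise ValueError("missing field %s in: %s" % (required, line))
    fields["ts"] = datetime.fromisoformat(ts_text)
    return fields


def detect_mass_modification(lines):
    """Flag each (host, user) that modifies EVENT_THRESHOLD or more files across
    DIR_THRESHOLD or more directories inside WINDOW. One alert per offending key."""
    recent = defaultdict(deque)  # (host, user) -> deque of (ts, directory, extension)
    alerted = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["action"] not in MODIFYING_ACTIONS:
            continue  # reads and deletes are not counted by this rule
        key = (ev["host"], ev["user"])
        window = recent[key]
        window.append((ev["ts"], os.path.dirname(ev["path"]), os.path.splitext(ev["path"])[1]))
        # Keep only events within WINDOW of the newest event for this key.
        while window and ev["ts"] - window[0][0] > WINDOW:
            window.popleft()
        dirs = {d for _, d, _ in window}
        if key not in alerted and len(window) >= EVENT_THRESHOLD and len(dirs) >= DIR_THRESHOLD:
            alerted.add(key)
            alerts.append({
                "host": ev["host"],
                "user": ev["user"],
                "first_seen": window[0][0].isoformat(),
                "last_seen": ev["ts"].isoformat(),
                "events": len(window),
                "directories": len(dirs),
                # Extensions help an analyst see that files are gaining a new suffix.
                "top_extensions": Counter(x for _, _, x in window).most_common(3),
            })
    return alerts


def build_sample_log():
    """Constructed sample: normal editing on one host, then a mass-rename burst on another."""
    base = datetime(2024, 1, 15, 9, 0, 0)
    lines = []
    # Benign: alice saves ten documents over ten minutes in two folders; never enough
    # events inside any 60-second window to trip the rule.
    for i in range(10):
        ts = base + timedelta(minutes=i)
        folder = "thesis" if i % 2 else "notes"
        lines.append(f"{ts.isoformat()} host=lab-pc01 user=alice action=write "
                     f"path=/home/alice/{folder}/draft{i}.docx")
    # Suspicious: bob's session renames 30 files across six directories in 30 seconds,
    # each gaining a constructed ".locked" suffix (a placeholder, not a real indicator).
    for i in range(30):
        ts = base + timedelta(minutes=20, seconds=i)
        lines.append(f"{ts.isoformat()} host=lab-pc07 user=bob action=rename "
                     f"path=/srv/dept/share{i % 6}/file{i}.xlsx.locked")
    return lines


if __name__ == "__main__":
    for alert in detect_mass_modification(build_sample_log()):
        print(alert)
```

Run stand-alone, the script prints a single alert for lab-pc07/bob, raised on the twentieth rename at 09:20:19, after six directories have been touched; alice's slower, two-folder editing never accumulates enough events in a 60-second window. The directory-count condition is what keeps a user legitimately saving many files into one folder from triggering the rule, and an alert raised this early is what gives an incident responder a chance to isolate the host before the rest of a share is encrypted.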
In addition to deploying multilayered technical controls, employing good management and operational controls can also strengthen your institution’s information security posture and help defend stakeholders against ransomware. Wise strategies include required security awareness education, promoting a culture of data governance, and making allies of auditors. The foundation of your information security program can be set on solid ground through the implementation of standards based on industry-recognized information security frameworks. Protecting networks from ransomware should also be grounded in an access control policy that manages privileged accounts according to the principle of least privilege. Federal agencies regularly employ two-factor authentication to strengthen security, which reduces the risk of compromised accounts and helps defend against ransomware.
In order to prepare for adverse cyber threats, Gartner emphasizes that one of the core processes an institution must develop and implement is incident response planning, together with testing of its processes for handling security incidents. This work can involve heavy lifting, and it’s important to involve senior management in planning for potential cyber incidents, including leaders outside the IT department. In conclusion, something you may wish to consider is making friends with the auditors! If your institution hasn’t been audited recently on its information security controls, disaster preparedness, vulnerability management, or incident response plans and processes, it might be a good idea to pick up the phone before the day is over and have a conversation with your auditors, inviting them to become your ally in cyber defense.