The Biggest Cybersecurity Threats for Higher Education
Malware/Ransomware
One of the top cybersecurity threats for higher education is ransomware. A college often has so many unmonitored endpoints that the security team cannot detect and respond when malware is introduced to a system.
Many universities have trouble keeping up with malware that gets into their systems through multiple avenues. They also have a difficult time monitoring and logging this activity. Techniques and attack vectors are advancing more quickly than many university security teams’ capabilities. Reports show that criminals have been accessing university networks through student accounts.
Insider Threats
When the term insider threat is used, it doesn’t necessarily mean that the employee is the bad actor. It simply means that the employee’s account has been compromised and taken over by a criminal. A bad actor is using an internal account to carry out their criminal activity. We see insider threats as a very large issue. University IT departments oftentimes don’t have the capability to monitor or detect if and when an account has been compromised and is being used against the organization. Criminals tend to attack the account of someone who has high enough privileges to access the most data. Depending on the data the criminal is able to access, this can quickly turn into a ransom event.
Lack of Resources
A Security Operations Center (SOC) usually has around ten to fifteen people supporting a university. Most of the time these are simply operational IT personnel trying to wear the hat of a security person. Criminals know colleges and universities don’t have the time, resources, or budget to keep up with the threats. This is why higher education institutions have become targets of cyberattacks more and more frequently.
The Best Ways Universities Can Prevent Cyberattacks
Preparation
What you need today is a good method for detecting the anomalous activity that indicates an account compromise. You have to be able to monitor and analyze logs in real time. Real-time analysis of logs helps you determine when accounts are compromised or when the institution has just received a phishing email. Academic institutions also need to include artificial intelligence and machine learning in their mix of tools. This will help them comb through the millions of logs that their environment produces on a daily basis. This is true, of course, if the security analysts are trained in what to look for and know how to use the software.
Put automation in place
Universities have to have security automation in place to keep up with today’s threats. The moment a system detects bad activity, you need the ability to minimize dwell and response time. Dwell time makes matters worse if the attack is able to spread, potentially compromising more accounts and affecting more systems. Automation allows your team to minimize or quarantine threats as fast as possible.
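As an added illustration of the log monitoring and automation described above (not code from the original article), the following sketch flags two common signs of account compromise in authentication events and maps each flagged account to a containment step. The event format, thresholds, and action name are assumptions made for the example, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, account, country, result.
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:00", "student1", "US", "success"),
    ("2024-03-01T09:00:00", "student2", "US", "fail"),
    ("2024-03-01T09:01:00", "student2", "US", "fail"),
    ("2024-03-01T09:02:00", "student2", "US", "fail"),
    ("2024-03-01T09:03:00", "student2", "US", "fail"),
    ("2024-03-01T09:04:00", "student2", "US", "fail"),
    ("2024-03-01T09:05:00", "student2", "US", "success"),
    ("2024-03-01T10:00:00", "staff1", "US", "success"),
    ("2024-03-01T10:20:00", "staff1", "DE", "success"),
    ("2024-03-01T12:00:00", "student1", "US", "success"),
]
# Assumed thresholds; tune them against your own baseline.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=10)
TRAVEL_WINDOW = timedelta(hours=1)

def detect(events):
    """Process time-ordered events; return (account, reason, time) alerts."""
    fails = defaultdict(deque)  # account -> recent failure times
    last_ok = {}                # account -> (time, country) of last success
    alerts = []
    for ts, account, country, result in events:
        t = datetime.fromisoformat(ts)
        recent = fails[account]
        while recent and t - recent[0] > FAIL_WINDOW:
            recent.popleft()    # forget failures outside the window
        if result == "fail":
            recent.append(t)
            continue
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append((account, "success_after_failure_burst", ts))
        prev = last_ok.get(account)
        if prev and prev[1] != country and t - prev[0] < TRAVEL_WINDOW:
            alerts.append((account, "country_change_too_fast", ts))
        recent.clear()
        last_ok[account] = (t, country)
    return alerts

def containment_actions(alerts):
    """One automated response per flagged account (hypothetical action name)."""
    return {account: "lock_account_and_revoke_sessions" for account, _, _ in alerts}

if __name__ == "__main__":
    print(containment_actions(detect(SAMPLE_EVENTS)))
```

In production the same logic would run against the identity provider's or SIEM's event stream, with the containment step wired to whatever account-lock mechanism the institution actually uses.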
Have a plan in place before the attack
Universities should have a proper plan in place for remediation. Organizations should think through how they are going to remediate attacks. Who’s going to be involved? How are we going to carry out the messaging? What roles and responsibilities will each person or position take? Who else will need to be involved if an issue arises? Thinking through this process will help reduce dwell time after an attack has been initiated. You can’t plan a response while the attack is happening, so working out in advance how to respond is paramount. This will ensure that each member of the security team already knows who is getting involved and what they should be doing to stop the attack as fast as possible and minimize any harmful effects.