Start With Vulnerability Management
When it comes to mitigating higher education cyber attacks, results are generally inconsistent. Comparing general funding for an R1 university against funding for an R3 university will leave your jaw on the floor. An R1 usually has more than $40 million in grant funding spent on research per year, while an R2 has more than $5 million. These classifications are only for schools that have twenty or more doctorate students graduate per year.
These research allocations generate fresh intellectual property and protected information, including research methods and analytical strategies that may not be publically available. Whether the attacker is interested in money—cold cash, cryptocurrency, or other valuable formats—or in intellectual property, they can wreak havoc with a university ransomware attack.
In 2017, numerous UK-based emergency rooms were shut down by ransomware. In 2020, universities, many of which are operating on legacy systems and software, as dictated by funding and training limitations, may be vulnerable to similar exploits.
Penetration testing is a great way to identify these issues along with improper permissions and vulnerable administrator accounts.
Maintain The Environment Beyond Change Management
Simply maintaining good change management procedures may not be enough to prevent a malicious actor from penetrating your university network. Schools' cyber attacks are reaching new heights of frequency. Barracuda reported that more than 30% of schools had fallen prey to data breaches.
Properly configuring your firewall is a strong first step in preventing data breaches, universities cyber attacks, and other malicious campaigns. If you program your firewall to allow all traffic from the internet, it cannot perform the functions it needs to. Even if you invested in the latest, cutting-edge firewall with all of the additional features available, it has to be properly configured.
You Are In Control When You Collect Your Logs
Logs help internal IT teams, consultants, and other IT service personnel determine which systems have been accessed and which data--if any--has been touched in case of higher education cyber attacks. It also helps them track down any changes to the system. Keeping a healthy log history is essential to good systems management and systems forensics.
Many cyber security attacks on schools could have been prevented with proper system management and permissioning. Without logs, however, the scope and depth of any attacks would be impossible to determine. In terms of incident readiness, proper system logging and log management are one half of the fundamental base.
Storing logs locally may be effective for small systems, but could be vulnerable to deletion in case of an improperly permissioned administrative account. Depending on which operating system is in use, they may or may not be recoverable.
To avoid this problem, we recommend you set up log centralization and exercise the principle of least privilege, including systems to change your administrative passwords regularly.
Inventory Your Systems And Data
IT asset management (ITAM) is a strategy centered around knowing what devices and data repositories belong to your organization, and who or what is accessing them. Without effective ITAM strategies in place, equipment can break, fall prey to higher education cyber attacks, or theft without anyone knowing for days or weeks.
We recommend IT asset cataloguing to prevent scenarios wherein cyber security attacks on schools went unnoticed. Part of this strategy is keeping an inventory of which devices belong on the network. This may be an excel sheet including IP address and MAC address, as well as asset type for ease of recovery.
Data cataloguing happens easiest with centralized access logging and permission management. If people do not need access to specific tools and systems for their daily work requirements, they shouldn't have it. Permission management is among the easiest ways to prevent universities' cyber attacks. One of the oldest words-of-wisdom in IT is "Never work from the Root (superadmin account)."
Interested in learning more? Sign up for a FREE Risk Assessment with a Vancord professional today.