According to one report, ransomware attacks against higher education doubled in 2020 compared to 2019, with an average ransom demand of $447,000. Traditionally, criminals tended to be opportunists; they’d strike at random and hope to get lucky. Now they’ve organized into highly sophisticated networks and cartels that will target any entity of substance they consider a viable target. Higher ed fits the profile, but some institutions are better positioned to withstand cybersecurity attacks than others. A combination of zero-trust and defense-in-depth allows these schools to defend against malware and ransomware. Ultimately, the job of the cybersecurity professional in higher ed is to “plan for the worst day,” as one cybersecurity expert recently noted during a Campus Technology leadership summit. But how can agencies overcome these obstacles to adapt to an increasingly targeted and threatening cybersecurity landscape? Learn how your institution can safeguard against threats, overcome evolving technical demands, and more in Carahsoft’s Innovation in Education report.
Gaining Total Visibility
“We can no longer piece together a set of disparate tools to solve acute security or compliance issues. Really, the only way forward is to use a mix of integrated security technologies that deliver, first, a view into traffic and, second, a flexible enforcement model that relies on artificial intelligence and machine learning to identify attacks. The solution starts and ends with visibility. The goal is to understand how data flows through the network, cloud and endpoints so that IT can provide a consistent security view no matter how services are being used. It’s important to understand how your users are tapping those services and to surface those things that traditional tools can’t see. As one example, we have a service called Xpanse, which will take an outside-in view of the network and start to build relationships, looking at how endpoints are interacting with other endpoints that are outside of the network, contributing to the building of a map showing how the institution is connected to the rest of the world.”
Read more insights from Palo Alto Networks’ Security Strategist, Hunter Ely.
A Unifying Viewpoint for Security
“Automation of the easy security work — known threats, known responses, malware detection, cleanup — addresses both problems, and everybody wins. The campus gains better operational success. And when humans don’t have to intervene with the ordinary, they’re free to do more interesting work. They grow in their positions, because they’re not just clicking buttons all day. Automation is especially important in an era of remote status quo and zero-trust. IT has to assume that there’s a high probability of any authentication request being nefarious. And that means being able to look at data in context: Is this person at a higher risk? Is the laptop or smartphone compromised? Should we let them on the network today? Have we scanned this device in the last three days? Then let’s not allow them access to this HR data. If they get their machine scanned, then they can come back and try again. While higher ed has long been predicated on allowing open access, now that can only happen when it’s the appropriate thing to do. Users have to be classified — student, researcher, staffer — and access has to be controlled. When everything looks normal, they get unfettered access. But when their machine or account is compromised, the access should be denied. Easier said than done, right?”
Read more insights from Splunk’s Minister of Magic, Jesse Trucks.
AI and the Carrot Approach to Zero-Trust Network Access
“Some 20 years ago, I was outfitted with a BlackBerry device, and it was the first time I could get e-mail from the road. But it wasn’t the built-in keyboard that made that device so special. It was really the fact that my organization’s IT department trusted the BlackBerry security model so deeply, I could use my device to access sensitive corporate information. BlackBerry’s mission hasn’t changed. But now, that security emphasis is used to secure some 500 million endpoints — including cars — produced by various companies. That’s why higher education has rediscovered BlackBerry. The university IT organization trusts the company to keep devices secure, whether they’re owned by the institution or individual people — students, staff or faculty. And now, without having to use a college-owned device that navigates through the college-owned firewall, users can once again be liberated, just like we were two decades ago, when we first got a taste of the freedom allowed by mobility.”
Read more insights from BlackBerry’s Director of Sales, Chris Russo.
Protecting the Campus from the Outside In
“Is it any wonder threats are on the rise? As the number of system and data breaches rack up in higher education, security experts have adopted a defense-in-depth stance. Putting multiple defensive measures in place begins with a baseline security posture that wants to understand everything coming into and going out of the network, preferably in real time. The tricky part is achieving that level of visibility and response when the threats could originate from any one of the many thousands of devices accessing institutional resources. One route is deploying domain name system (DNS) security. Let’s think about DNS for a moment. It may be decades-old but it’s still heavily relied upon; without it, the entire network is shut off from the internet. Regardless of their location, endpoints require DNS to connect to any application, service or data source. And so does malware, which uses DNS at multiple stages of an attack. That’s why DNS is a marvelous transport system for malfeasance. Traditional security mechanisms don’t police it well because there’s so much of it — millions of DNS queries a day for the typical university.”
Read more insights from Infoblox’s Director and General Manager for U.S. Education, Rufus Coleman.
Uncovering the Hidden Costs of Cloud Security
“While the public cloud has been a boon for higher education on many fronts, it has also become a conundrum, especially when it comes to storage for the purposes of security and safety. As the needs add up, so does the expense. The first not-so-hidden cost is the baseline cost of data storage. As an example, think about the capacity required to sustain video recordings of people entering and exiting buildings on campus. A network of 100 cameras, each capturing 8 frames per second with a modest resolution of 720 pixels, operating continuously at just medium quality, would require 200 terabytes of capacity. On Amazon Web Services, the cost for storing 200 TB on S3 would be about $56,000 for the year. If the institution were to upgrade to newer cameras capturing 15 frames per second at 1080 pixels, generating five times as much data — a full petabyte — the expense would quintuple, to about $289,000. Microsoft Azure would be slightly under that ($262,000) and Google Cloud a bit more ($327,000). Second, there is the additional hidden cost of the traditional route those cloud storage providers follow for transactions related to the data. They’ve all predicated the value of their services on fractional pricing (a tenth of a penny for this, a couple of pennies for that) for seemingly insignificant activities, such as egress or API requests.”
Read more insights from Wasabi’s Senior Director of Product Marketing, David Boland.
Staying on Top of Cybersecurity: A Conversation with Two University CISOs
“In March 2020, I was feeling more comfortable in terms of what our border looked like and the things that we were protecting our constituents from. Then the pandemic happened and people started grabbing devices off of their desks and old laptops out of storage closets and dragging them home to put on home networks — and who knows how they were being secured, if they were being secured at all. I thought I had a fairly good plan in place and tools deployed across my infrastructure to protect us, but that was all out the window. And so, over the last year we’ve been looking at services and products we can deploy that will protect our users as well at home as we could when they were on campus. And there’s nothing like having a community of your peers to have those conversations with and to learn what they’re doing, how long it took them to get there, what bumps they ran into along the way and ultimately, how they were able to steer around those. That’s significantly beneficial to all of us, and that is a huge value of participating with Internet2 overall and through the NET+ program for specific cloud and security solutions.”
Read more insights from Tom Dugas, CISO for Duquesne University, and Rick Haugerud, CISO for the University of Nebraska-Lincoln.
Community-Powered Problem-Solving
“We facilitate the community engaging with each other to identify best practices. For example, let’s say there’s a particular challenge that a campus is trying to figure out. They may go into a community call, where campuses can ask their peers: How do you solve this problem? And then they can get immediate feedback. Or there are many ways institutions collaborate digitally, including e-mail lists, Slack channels and wikis, where they can engage with peers to identify best practices. That is all part of the NET+ program, where advisory boards and community events help to foster more optimal service offerings and benchmarking. And a program manager like myself is engaged with and supports these types of discussions. After a number of campuses have verbalized similar challenges, we’ll realize maybe there’s something there that we need to write up, to share broadly with the community, where they can look at a frequently asked questions repository and find the answers to their questions. And that’s even faster than going and asking their peers.”
Read more insights from Internet2’s Program Manager for Security and Identity, Nick Lewis.
Download the full Innovation in Education report for more insights from these cybersecurity thought leaders and additional industry research from CampusTech.
Disaster Recovery in the Age of Ransomware
“A multicloud approach can be a double-edged sword, with benefits and risks. When agencies have access to a cloud environment, it’s easy for them to spin up new compute resources or storage solutions. But this flexibility opens up risks in terms of performance and security. Even when an agency is working with public cloud service providers, it’s the agency’s responsibility to make sure its resources are configured properly. Many data leakage incidents in the cloud are the result of a configuration issue. Furthermore, in a multicloud environment, technologies are created independently of one another and won’t always work well together. Agencies must make sure they have the appropriate visibility across multicloud environments and on-premises systems so they can understand and manage all aspects of their IT systems. This includes controlling costs and decommissioning purpose-built cloud resources when they are no longer needed.”