Educational institutions should rethink their security architecture and consider leveraging a zero trust model to disrupt the lateral movement that adversaries have become so dependent upon to reach the servers storing intellectual property.
Higher education institutions have become an attractive target for cyberattacks in recent years. Research universities in particular are at risk, as they produce significant intellectual property due to all of the research and development conducted on their campuses.
Universities are also perceived to have a more open cyber culture than government or financial institutions.
These trends concern security experts, who anticipate the number of these attacks will only continue to grow.
Universities Face a Variety of DDoS Attacks
Some of the more interesting distributed denial of service attacks Akamai has observed in recent years have targeted education.
These attacks range from extremely complex to mundane. On the sophisticated end of the spectrum, some hacktivists are attacking universities with innovative techniques aimed at an incredibly large amount of intellectual property.
On the more mundane side, students use commonplace DDoS-as-a-service tools to disrupt online standardized tests. Anyone working in information security in this space has likely seen these mundane attacks clustered around exam time.
A Common Thread Among University Cyberthreats
What these examples show is that one attacker can wield the power to bring down an entire campus network.
Couple that with the fact that education in general is inherently a highly transitory environment — students, professors and administration are constantly arriving and departing — and you have the perfect storm for a motivated adversary to capitalize on.
Universities Can Use Zero Trust Networks to Mitigate Cyberattacks
Given the heightened threat environment and the unique challenges facing education in 2019, it is no surprise that so many security architects in education are investigating zero trust security architectures. The zero trust model encourages IT managers to forgo traditional network-perimeter security in favor of granting access per application, regardless of whether computing is done on-premises or in the cloud.
This means moving away from the notion of a trusted network segment that exists behind a DMZ to an architecture where all network segments are untrusted. In a zero trust model, access to an application is granted based on the identity of the user. This produces a least-privilege mapping: each user is granted only the applications they absolutely require to complete their job, and nothing more.
To get the most from a zero trust model, universities should focus more on the identity of users, and at the same time integrate strong authentication and authorization for those users.
This lets universities move access decisions from the network layer to the application layer, where a much richer set of signals is evaluated.
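The following is an added illustration, not code from the original article or from Akamai: a minimal policy decision point that makes the per-application decision the text describes. The application catalogue, role names and signal fields (MFA status, managed device) are constructed for the example; the source IP is carried only for audit logging and is deliberately never consulted by the policy, which is the point of treating every network segment as untrusted.

```python
"""Added example (not from the original article): a minimal zero trust
policy decision point. Access is granted per application from the user's
identity and request-time signals; the network segment the request came
from is never consulted, so a client on the campus LAN earns no extra trust."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """An authenticated user plus the signals available at the application layer."""
    user: str
    roles: frozenset            # e.g. {"student"} or {"faculty"}
    mfa_verified: bool          # did this session pass strong authentication?
    device_managed: bool        # is the device enrolled in institutional management?
    source_ip: str = "0.0.0.0"  # recorded for audit only; policy ignores it


@dataclass(frozen=True)
class AppPolicy:
    """Which roles an application serves and which extra signals it demands."""
    name: str
    allowed_roles: frozenset
    require_mfa: bool = False
    require_managed_device: bool = False


# Hypothetical application catalogue (constructed for this example).
POLICIES = {
    "lms": AppPolicy("lms", frozenset({"student", "faculty"})),
    "research-fileserver": AppPolicy(
        "research-fileserver", frozenset({"faculty"}),
        require_mfa=True, require_managed_device=True),
    "payroll": AppPolicy("payroll", frozenset({"hr"}), require_mfa=True),
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(p: Principal, app: str, policies=POLICIES) -> Decision:
    """Decide one request. Default deny: anything not explicitly entitled fails."""
    policy = policies.get(app)
    if policy is None:
        return Decision(False, f"unknown application {app!r}")
    if not (p.roles & policy.allowed_roles):
        return Decision(False, "role not entitled to application")
    if policy.require_mfa and not p.mfa_verified:
        return Decision(False, "MFA required")
    if policy.require_managed_device and not p.device_managed:
        return Decision(False, "managed device required")
    return Decision(True, "identity and signals satisfy policy")


def entitlements(p: Principal, policies=POLICIES) -> list:
    """Least-privilege view: the applications this principal may reach at all."""
    return sorted(name for name, pol in policies.items() if p.roles & pol.allowed_roles)


def audit_line(p: Principal, app: str, d: Decision) -> str:
    """One log line per decision; the source IP is logged but did not influence it."""
    verdict = "ALLOW" if d.allowed else "DENY"
    return f"{verdict} user={p.user} app={app} src={p.source_ip} reason={d.reason}"


if __name__ == "__main__":
    # Constructed principals: a student sitting on the campus LAN and a
    # faculty member connecting from off campus.
    student = Principal("s.doe", frozenset({"student"}), mfa_verified=False,
                        device_managed=False, source_ip="10.20.30.40")
    faculty = Principal("j.smith", frozenset({"faculty"}), mfa_verified=True,
                        device_managed=True, source_ip="203.0.113.7")
    for who, app in [(student, "lms"), (student, "research-fileserver"),
                     (faculty, "research-fileserver")]:
        print(audit_line(who, app, authorize(who, app)))
    print("student entitlements:", entitlements(student))
```

Being inside the campus network buys the student nothing here: the file server denies on role before any other signal is examined, and a faculty member who has not completed strong authentication is denied even from a managed device. That is the lateral-movement break the article is after, expressed as a policy rather than as a network boundary.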
This model is proving to be more agile for managing a transitory climate with students passing through the system on an annual basis.
Adversaries are highly dependent on exploiting trusted internal networks to move laterally from an entry point to “crown jewels” targets, such as servers that house precious intellectual property.
A zero trust network can provide an opportunity to take that critical lateral movement away from the adversaries who are so determined to target the education sector.