1. Support Cloud Expansions with Dedicated Security
Higher education institutions increasingly turned to the cloud in 2020. Earlier this year, Damian Doyle, assistant vice president for enterprise infrastructure solutions at the University of Maryland, Baltimore County, told EdTech, “I think [the pandemic] has done in a period of weeks and months what would have taken years and decades, in terms of adoption.”
Leapfrogging into the cloud brought speed and agility, but also broadened institutions’ attack surfaces. IT leaders need to ensure that the right security protocols are in place to support a cloud-based environment.
According to FireEye, these include:
- An updated access and identity management (AIM) system: Ensure the right people have access to the right information and applications.
- Full and accurate tracking of cloud assets: Accomplish this, if needed, with help from cloud security posture management tools that can detect risky misconfigurations.
- Clarity and communication with providers: IT teams need to know exactly which security elements the cloud provider manages and which elements the university needs to address.
2. Work With Tech Partners to Monitor the Larger Ecosystem
In its “2020 Cyber Threatscape Report,” Accenture points out that many threats — up to 40 percent — originate outside of the organizations that eventually get targeted. One of the largest attacks of all time, the NotPetya attack, began as an assault on a Ukrainian company and spread worldwide through the supply chain.
Understanding and combatting these supply chain threats takes a lot of work, particularly for a single institution working alone. The Wall Street Journal recommends mapping out partners, vendors and software suppliers and collaborating to close security gaps.
3. Consider Security Partnerships with Other Industries
Fighting cybercrime takes teamwork, but IT and security teams don’t always have optimal collaboration. A joint report by VMware Carbon Black and Forrester Research notes that that nearly 78 percent of IT leaders reported a negative relationship between IT and security departments.
Fortunately, the same report notes that mending these rifts was a priority among IT professionals. Additionally, organizations such as OmniSOC and the Northeast Ohio CyberConsortium are creating partnerships within and beyond higher education to help institutions detect and mitigate bad actors together.
RELATED: Should purple teams be part of your defense strategy?
4. Get Ready for Ransomware Before an Attack Happens
FireEye’s 2021 predictions focus on ransomware and its rapid growth. Not only are the variety and frequency of ransomware increasing, but attackers are getting into the cloud-based application game as well, offering other criminals Ransomware as a Service attacks.
FireEye recommends that institutions segment networks, have secured backup plans and involve key stakeholders, such as nontechnology university leaders, as they prepare for a potential ransomware incident.