EDTECH: What strategies can help institutions protect themselves?
CONNER: The first piece is to recognize the differences that now exist. How do you rearchitect your security network for this extended, distributed network? Colleges have been a service provider because they’ve got these departments that we can think of as similar to lines of business. Now, you’ve got to think of those lines of business as different risk sectors: If you’ve got research in technology, pharmaceuticals or healthcare, you’re code red.
You need to focus on that high-risk group — the professors, the lab assistants and even the students — and make sure they are properly vetted, almost like you would any employee, in terms of what they have access to. Then, you need to layer in security from the extended network, starting with endpoint security and authentication. You need to look at home networks and the Wi-Fi they’re using. Are they contaminated, or can you put in secure wireless?
People are using cloud apps more, so you need to make sure that is protected. Then, you need to look at the access networks, VPN and secure mobile access to make sure those are as secure as you can get them. You need to be able to look at your email and PDFs, because if people are coming in through spear phishing, which they are, that’s the easiest way to get into the network, take intellectual property or create ransomware opportunities, if that’s the objective.
What I strongly encourage is to layer that extended network and look at it in a prioritized fashion, knowing that the attack surface is infinitely large now.
EDTECH: How do you recommend institutions respond to ransomware?
CONNER: I would never recommend paying. Almost every security agency says not to do it, but every situation is different. What I would say is that just because you pay, it doesn’t mean you’re going to get your information back, because so many of these attacks are malware cocktails. Increasingly, ransomware is used as Ransomware as a Service, meaning you go onto the deep web and you buy a ransomware package, and the sellers will ensure that you get in.
What they’re doing is making these ransomware cocktails out of bits and pieces. The problem is that whoever unleashes that ransomware on you may not have all the keys to unlock it back to you. Of course, you also don’t want to set a precedent of paying, because they will come back to you.
Instead, you should be backing up. Everyone has heard that, and it may be hard to do, but it’s critical that you do that, encrypt it and protect it.
EDTECH: Is there anything else institutions should keep in mind?
CONNER: The key thing I see is that the vulnerability and attack vectors are much wider now. Given limited resources, be it human capital or expense, you’ve got to think strategically in terms of risk to your institution. You’ve got to prioritize your most valued assets, much like a business does.