Security

Ease the Higher Ed Security Burden with Endpoint Protection

As remote work and learning expand, under-resourced university IT departments must secure significantly more endpoints.

Alexander Huls is a Toronto-based writer whose work has appeared in The New York Times, Popular Mechanics, Esquire, The Atlantic and elsewhere.

More cybercriminals are making colleges and universities their preferred targets for ransomware attacks. A report by Check Point finds that attacks on educational institutions are growing faster than in any other sector.

“Colleges and universities are prime targets for cyberattacks because they can be a one-stop shop for critical information that ranges from students’ medical records and financial and payment card data to valuable research and intellectual property,” says Amy Blackshaw, vice president of product and technical marketing at Bitdefender.

This threat comes as higher ed IT departments struggle to respond to more security incidents with fewer people and smaller budgets. One popular solution is comprehensive endpoint protection that automates security and risk assessment.

Here’s a look at the current cyber crises facing higher education and how endpoint protection can protect colleges and universities.

DISCOVER: How Bitdefender's endpoint protection can protect your institution.

The Current Challenges of Ransomware Attacks and IT Shortages

According to the U.S. Bureau of Labor Statistics, higher education’s labor shortage has eased since the worst days of the COVID-19 pandemic. That hasn’t necessarily been the case for IT and specialized IT security staff. As Richard DeMillo, chair of the Georgia Institute of Technology School of Cybersecurity and Privacy tells Diverse: Issues in Higher Education, “There are more open positions in cybersecurity around the world than there are cybersecurity professionals.”

That gap has left many unprepared for and overwhelmed by not just the number of attacks but their evolution.

“There continues to be rapid change in the techniques and tactics that cybercriminals use,” says Blackshaw. “The ransomware underground has changed dramatically into Ransomware as a Service.”

That ease of access unfortunately has paired with the pandemic and post-pandemic shift to remote work models, which has exponentially increased the number of endpoints within higher education institutions’ ecosystems. “The perimeter has all been exploded,” says Blackshaw. Given that many security breaches in 2019 — before the pandemic-fueled boost to remote work — occurred as a result of unsecured endpoint devices, it’s not hard to imagine how much more vulnerable institutions have become with more endpoints.

There continues to be rapid change in the techniques and tactics that cybercriminals use. The ransomware underground has changed dramatically into Ransomware as a Service.”

Amy Blackshaw Vice President of Product and Technical Marketing, Bitdefender

It’s also not hard to imagine how IT departments having trouble finding and retaining employees will struggle, let alone be capable of knowing what may be threatening their servers, networks, clouds or virtual setups.

“There are two types of organizations: the ones that know they’ve been attacked and the ones who don’t know,” says Blackshaw. “If you don’t have the right staff or managed service, you’re just really unaware of what’s actually happening.”

With ransomware refusing to abate, not knowing can be a costly situation for higher education institutions. But what can they do, especially those with limited resources and staff?

FIND OUT: Universities share the lessons learned after ransomware attacks.

Why Endpoint Protection Solutions Matter in Higher Education

Many colleges and universities are using preventive measures like anti-virus solutions or tools that can monitor malicious IP addresses. Prevention, however, is not enough.

“You also need to have detection and response, because even if only 1 percent of threats breach your preventive controls, that can be very bothersome,” says Blackshaw. “If you don’t have some type of visibility on all of those endpoints, your attack surface is massive.”

That’s why comprehensive endpoint protection solutions have become so critical. Tools like Bitdefender’s GravityZone platform can combine different capabilities into one cost-effective option. These often incorporate endpoint and detection capabilities that monitor behavior patterns of potential malware and, if something passes through preventive controls, offer automated responses like quarantining affected endpoints. An all-in-one solution can significantly assist “organizations that might have limited budgets or resources, and they are able to get a whole bunch of capabilities with one platform, combining risk hardening and assessment,” she says.

PROTECT YOURSELF: Download a checklist for avoiding zero-day exploits.

The value of an endpoint protection tool isn’t just about protection, however. By relieving IT staffers of the time-intensive work of detecting, investigating, monitoring and responding to threats, it releases employees to focus on more important things.

“It frees up the human analysts to work on higher-value problems,” says Blackshaw. “If you can offload some mundane and repeatable tasks, if you can leverage machine learning and data science to identify patterns of activity and prevent threats at the endpoint, you open up the door for your security practitioners.”

With the restored time, IT staff can focus on things that deserve attention: managing the day-to-day IT needs of their colleges or universities, spending time conducting higher-level risk assessment, determining what resources are most vulnerable, and formulating and running trainings for students and faculty to maintain better security hygiene.

There is, of course, one more benefit comprehensive endpoint protection solution looks to provide the colleges and universities that use them: a little less stress.

“When we’re talking about ransomware, those can be existential events for organizations. If we can help customers with their peace of mind and minimize their risk, it really does matter. It keeps our customers happy and in business,” says Blackshaw.

Brought to you by: