How Cyberattacks Affect the Entire Campus – Not Just the Classroom
The Canvas cyberattack in early May — during final exams at many colleges — highlights the widespread disruption caused by a successful attack, including students and instructors being locked out of assignments, grades and study materials. But the impact of an attack extends beyond the classroom and deep into the campus community itself.
“There can be disruptions to things like food services, to quality-of-life services like HVAC systems, anything that’s internet-connected,” explains Rose. “Sporting events and community events can be disrupted as well as extracurricular activities and transportation. We really must start thinking about educational institutions as community centers and not solely as educational organizations.”
Recognizing the likely widespread impact of an attack, universities need strategies in place that will help campus life continue as normally as it can. To start with, preventive defense-in-depth measures, such as network segmentation and applying a zero-trust framework where possible, should be in place. Universities still need to make it as difficult as they can for a successful breach to occur.
DISCOVER: Learn five ways to boost cybersecurity maturity in higher education.
Building a Security-First Culture Across Your Campus Community
Continuity plans and protocols for backing up and restoring mission-critical systems need to be in place, reviewed and practiced on a regular basis.
“We have to be ready to prevent, detect, respond, recover and continue the mission of the organization,” says Pendse. “Muscle memory is critical. Resilience is not about a document on the shelf — it needs to be muscle memory. We do a lot of tabletop exercises where we will simulate incidents. We make sure that our response time, response readiness and approach has become muscle memory, so we’re ready before something happens.”
Multifactor authentication is necessary to deter the most common attack pathways: phishing and social engineering attacks. Cultivating a security-centered campus culture can be a powerful tool for decreasing the effectiveness of these user-focused attacks.
“We have to think in terms of our famous football coach, Bo Schembechler. He said it’s about ‘the team, the team, the team,’” shares Pendse. “We need everyone on campus involved, not just cybersecurity experts. Every single individual on campus plays a role. The front door of cybersecurity is often a person deciding in a busy, rushed moment. Through training that we conduct across campus, we constantly remind people how to make safer decisions.”
How Threat Intelligence Sharing Strengthens University Cybersecurity
In addition to building a stronger security mindset within the campus community, universities need to look beyond the campus for support with continuity planning and intelligence sharing.
“Institutions should also be looking to others in the higher education community,” explains Rose. “They often have relationships with each other. They can seek out like-minded organizations, share intelligence and learn lessons from each other.”
A lot of that can be done through CIS’ Multi-State Information Sharing and Analysis Center [] and other association partners. Leveraging that community is a big part of it, Rose added.
“Collaboration occurs not only between the units in the university, but also outside,” adds Pendse. “We collaborate with our partners in the state of Michigan, we collaborate with other institutions, we collaborate with appropriate law enforcement agencies. This collaboration is ongoing; there has to be a relationship. Those meetings, those conversations, that type of activity needs to happen routinely.”
WATCH: Get tips on how to strengthen your higher ed institution’s incident response.
Stay Prepared During High-Risk Threat Windows During the Academic Year
Communication between institutions and their surrounding communities is especially important during critical time periods of the school year when attacks are more likely. The attackers behind the Canvas ransomware attack sprung during the critical end-of-year period, when finals and graduation ceremonies were taking place.
“Registration time, move-in days, final exams, graduation: During these periods, it is really important for the security and IT staff to adopt a heightened awareness,” shares Rose. “Attackers want to attack when everyone’s distracted, so identify those times when distraction is high and rules might be a little loose. Make sure your disaster recovery plans are ready, and that backups have been tested. Have a call list, and know who needs to be notified.”
