Gain Understanding of How Ransomware Can Infect Your University
There are a number of risk factors for ransomware attacks against universities, such as:
- Lack of education and training. Many ransomware attacks begin with phishing or human error. Properly training users can prevent faculty, staff, students and the university as a whole from allowing attackers to gain access.
- Sprawling and complex infrastructure. Organizations will remain targets if they don’t adequately manage and track their increasingly intricate infrastructure. Scanning backup systems and production data for exposures, permissions and configuration issues must be a key pillar of any university’s data protection strategy.
- Lax security policies. Your users have to understand the risk they incur when they click on unverified links, open untrusted email attachments, give out personal data or use unfamiliar USB drives. Also emphasize that they should download only from trusted sites and use a VPN when connected to public Wi-Fi.
Paying Does Not Guarantee Data Return
The FBI has said it doesn’t advocate paying a ransom in ransomware attacks, in part because that doesn’t guarantee the organization will regain access to its data. In fact, most organizations refuse to pay, but without the ability to fully recover their data, an attack can force them to resort to manual operations for days, weeks and even months.
Comprehensive disaster recovery and business continuity architectures can help assess the risks and potential threats. With a thorough plan in place, universities can continue operations and protect and retain pertinent information. This typically involves a three-pronged approach:
- Prevention: Key preventive measures include time-based immutable snapshots of backup data, multifactor authentication and the ability for security officers to “lock” copies of backup data. Together, these provide an additional layer of defense against ransomware.
- Detection: If an attacker does gain access, sounding the alarm quickly is critical. Backup solutions should employ anomaly detection technology powered by machine learning to determine when a breached file’s data-change rate deviates from its usual pattern. If and when this happens, an alert should go out to the IT administrator and to a third-party support team to help contain the attack.
- Recovery: A rapid recovery plan should use recommendations driven by machine learning to identify which data to recover and provide the ability to restore at scale.
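The change-rate check from the Detection step above, as an added example rather than code from any backup product: it swaps the machine-learning model for a simple rolling median/MAD baseline to show the idea. The snapshot tuples, function names, window, threshold and sample figures are assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample: (snapshot_id, changed_gb, total_gb) for nightly backups of one share.
SAMPLE = [
    ("night-01", 20, 1000), ("night-02", 22, 1000), ("night-03", 18, 1000),
    ("night-04", 21, 1000), ("night-05", 19, 1000), ("night-06", 24, 1000),
    ("night-07", 20, 1000), ("night-08", 23, 1000),
    ("night-09", 610, 1000),  # mass rewrite, as bulk encryption would cause
    ("night-10", 880, 1000),
    ("night-11", 21, 1000),   # after a restore, the rate is back to normal
]

def change_rate(changed, total):
    """Fraction of the protected data that changed since the last snapshot."""
    return changed / total if total else 0.0

def flag_anomalous_snapshots(snapshots, window=7, threshold=3.5, mad_floor=0.001):
    """Return [(snapshot_id, rate, score)] for snapshots whose change rate
    spikes far above the rolling baseline of earlier, unflagged snapshots.

    score is the modified z-score 0.6745 * (rate - median) / MAD. Only upward
    spikes are flagged; a quiet night is not treated as an alert.
    """
    baseline, alerts = [], []
    for snap_id, changed, total in snapshots:
        rate = change_rate(changed, total)
        if len(baseline) >= window:
            recent = baseline[-window:]
            med = median(recent)
            # The floor avoids division by zero when the history is perfectly flat.
            mad = max(median(abs(r - med) for r in recent), mad_floor)
            score = 0.6745 * (rate - med) / mad
            if score > threshold:
                alerts.append((snap_id, round(rate, 3), round(score, 1)))
                continue  # keep suspected attack data out of the baseline
        baseline.append(rate)
    return alerts

if __name__ == "__main__":
    for snap_id, rate, score in flag_anomalous_snapshots(SAMPLE):
        print(f"ALERT {snap_id}: change rate {rate:.1%}, score {score}")
```

Excluding flagged snapshots from the baseline matters: otherwise the first night of an attack raises the "normal" level and the following nights can slip under the threshold.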
How to Restore Systems Without Compromising Data
Organizations need backup solutions that limit cyberthreat damage, such as an immutable file system and WORM (write once, read many) storage. These measures are key to bringing organizations back online as quickly as possible.
With so many faculty, staff and students working remotely during the pandemic, ransomware will remain a top security threat. Colleges and universities store huge amounts of sensitive data, making them a major target for attackers.