Security

How Universities Can Cope Amid a Ransomware Perfect Storm

Comprehensive disaster recovery and business continuity architectures can help assess the risks and potential threats.

Steve Grewal is a former executive at the Education Department and is federal CTO of Cohesity.

Malicious hackers are almost always on the prowl and constantly searching for their next ransomware victim. Unfortunately, the global health crisis may have made the situation worse.

As many colleges and universities moved quickly to a remote model, the number of entry points for potential attacks increased. With the rapid evolution and proliferation of ransomware attacks, it’s becoming increasingly important for colleges and universities to embrace modern approaches to stay one step ahead of the bad guys.

Gain Understanding of How Ransomware Can Infect Your University

There are a number of risk factors for ransomware attacks against universities, such as:

Lack of education and training. Many ransomware attacks begin with phishing or human error. Properly training users can prevent faculty, staff, students and the university as a whole from allowing attackers to gain access.
Sprawling and complex infrastructure. Organizations will remain targets if they don’t adequately manage and track their increasingly intricate infrastructure. Scanning backup systems and production data for exposures, permissions and configuration issues must be a key pillar of any university’s data protection strategy.
Lax security policies. Your users have to understand the risk incurred when they click on unverified links, open untrusted email attachments, give out personal data or use unfamiliar USB drives. Emphasize also that they should download only from trusted sites and use a VPN when connected to public Wi-Fi.

MORE ON EDTECH: Download the checklist you need to build a Defense-in-Depth strategy.

Paying Does Not Guarantee Data Return

The FBI has said it doesn’t advocate paying a ransom in ransomware attacks, in part because that doesn’t guarantee the organization will regain access to its data. In fact, most organizations refuse to pay, but without the ability to fully recover their data, an attack can force them to resort to manual operations for days, weeks and even months.

Comprehensive disaster recovery and business continuity architectures can help assess the risks and potential threats. With a thorough plan in place, universities can continue operations and protect and retain pertinent information. This typically involves a three-pronged approach:

Prevention: Key preventive measures include time-based immutable snapshots of backup data, multifactor authentication and the ability for security officers to “lock” copies of backup data. This provides an additional layer of defense against ransomware.
Detection: If an attacker does gain access, sounding the alarm quickly is critical. Backup solutions should employ anomaly detection technology powered by machine learning to determine when the breached file’s data-change rate breaks its usual patterns. If and when this happens, an alert should go out to the IT administrator and to a third-party support team to help contain the attack.
Recovery: A rapid recovery plan should use recommendations driven by machine learning to identify which data to recover and provide the ability to restore at scale.

MORE ON EDTECH: Learn these tips for preventing ransomware during remote learning.

How to Restore Systems Without Compromising Data

Organizations need backup solutions that limit cyberthreat damage, such as an immutable file system and WORM (write once, read many) storage. These measures are key to bringing organizations back online as quickly as possible.

With so many faculty, staff and students working remotely during the pandemic, ransomware will remain a top security threat. Colleges and universities store huge amounts of sensitive data, making them a major target for attackers.