Multifactor authentication was the next item on the list, mainly because the move to offsite work had exposed a gaping hole in the institution’s MFA strategy. It already relied on MFA to secure access to web-based services and email but had never required it for logins to email clients.
“That’s because in the past, the people who were using email clients were usually sitting on campus,” says Corn.
Suddenly, with everyone working from home, his team had to deal with a constant stream of suspicious login alerts from vendors. “Once we had multifactor in place, that went away almost entirely.”
Finally, Corn and colleagues wanted a better solution for securing remote access to UCSD’s campus resources. Prior to the pandemic, they’d relied on Remote Desktop Protocol for their Windows machines.
“Now we’re seeing that, with ransomware events especially, something like 80 percent are exploiting poorly configured RDP,” Corn says.
The IT staff is still assessing its strategy — whether that means putting everything behind a VPN or utilizing Remote Access as a Service — but with all signs pointing to continued remote work for a significant portion of the campus community, a new solution will be in place soon.
Threat Hunting in a New Cyber World
UCSD was no different from other colleges that received a crash course in crisis-driven cybersecurity over the past 18 months.
“We’re in a race with the hackers, and they’re running a relay — sprinter to sprinter — while we’re still running at a marathon pace,” Corn says.
With that in mind, he and other IT leaders are re-evaluating their long-term strategies and adopting new tools to help them stay a step ahead of their adversaries.