Why U.S. higher-ed should be worried about ransomware attacks
2017 was the year of the hackers. From WannaCry to Petya, there were many versions of ransomwares locking up data and decrypting and releasing it only when the money was paid, usually through Bitcoin. Not only has there been an increase in the number of attacks, the level of sophistication in distribution and attack methods has increased as well.
At the same time, usage of crypto currency as a medium makes the attacks almost impossible to track. In 2017, “A company was hit with ransomware every 40 seconds.”
While some industries continue to be bigger targets than others, data shows that no sector is immune to ransomware attacks. Higher education is being hit hard by ransomware. A BitSight Insights report found that 23% of all higher education institutions were attacked with ransomware in 2017, compared to 18% for government, 16% for healthcare, 16% for retail, and 21% for financial organizations.
As per a popular information security blog, “higher education is the top target for ransomware attacks”. The Campus IT networks are generally of open-nature with a broad usage of social media by students and employees, which are one of the topmost and the easiest targets. Further, there are often limited network controls in place, compared with other targeted industries. As a result, campus networks are both vulnerable and enticing for hackers. All it takes is one unpatched system on the network for a ransomware attack to be successful. The combination of students, faculty, staff, and visitors coming and going on the campus network, coupled with most of legacy systems makes universities particularly vulnerable to ransomware attacks.
Smart end-users and organizations patch their systems and indeed, Microsoft frequently releases patches to close the security gaps. Unfortunately, the complexity of patching numerous computers in disparate locations campus-wide as well as off-network results in many institutions not patching as regularly as they should.
The reality is the most successful exploits are against unpatched systems. Hackers love to take shortcuts and the patching process offers a perfect opportunity; just like the NSA leak offered an architectural blueprint for how to exploit the Windows’ hole that Petya jumps through.
Ways to Avoid the Pain
Ransomware is known to cause serious damage, but its most catastrophic effects are easily avoided if you take these basic steps:
- Patch your computers. Patching is the most critical requirement, but you cannot rely on end-user vigilance or manual IT means. You need an automated patching solution so patches are installed when they become available – on all endpoints and servers.
- Conduct vulnerability assessments. Keeping a check on your network is the key to secure your information and data. By performing timely checks and security assessments, administrators can identify all the security loopholes in the network, which are then patched to attain maximum security.
- Server and Network Hardening. After security assessments, hardening your servers and network is the next step. Reducing available ways of attack typically includes changing default passwords, removal of unnecessary software, usernames or logins, the disabling or removal of unnecessary services, and setting up intrusion-detection systems.
- Maintain an antivirus and anti-malware solution. With proper security protection across all your systems, incursions such as WannaCry will be spotted, blocked, and purged. Like patching, an automated solution that installs and updates security across all your systems is essential.
- Be Smart about backup. Ransomware works by holding your data hostage. For those with no backup, an encrypted and locked hard drive is a disaster. If you have a current backup, it is only a nuisance. The best solution is an automated tool that backs up all your systems to the cloud, where it remains safe until you need that data back.
- Awareness and training are key to prevention. Most ransomware is delivered via phishing email and require the recipient to do something, so educate faculty, staff and students about how to recognize dangerous emails, links and attachments. Implement formal procedures for reporting and investigating attacks. Identify the process to follow if ransomware is downloaded, such as disconnecting the device from the network and following breach notification laws. This should be part of your incident response plan. Conduct a risk assessment to understand how vulnerable your systems are to attack, and deploy the necessary tools and strategies to prevent or minimize the impact.
Ransomware isn’t going away, and higher education continues to be the prime target. In the time it took you to read this article, thousands of attacks could have been attempted on your network. Take steps now to increase awareness, improve your defenses, and implement processes that make your institution more resilient to ransomware attacks.
About the Author
Joseph Redwine is the President at OculusIT. He has over 30 years of senior executive experience in the higher education sector. Joe entered the higher education services industry because of his passion to serve and support the mission of higher education and its service to students. Joe also has a record of service to the nation. He has served as the CIO for the Florida Air National Guard and as the strategic advisor for continuous improvement of its command, control, communications, and intelligence capabilities. Joe honorably retired as a Lieutenant Colonel from the United States Air Force and Air National Guard.