Protecting your institution from ongoing cyberthreats requires around-the-clock, proactive monitoring. When you factor in the invasion of Ukraine and the recent slew of cyberattacks from Russia, IT security teams across higher education should be on high alert for potential threats. Colleges and universities across the country must act now to shore up their cybersecurity measures and protect themselves from the ongoing cyberwar conditions that Russia is creating.
As the Chief Information Security Officer of OculusIT, higher education’s leading global, all-inclusive managed IT, security, and cloud services company, I am deeply engaged, alongside my team, in monitoring and protecting our clients’ networks with 24×7 support.
Destructive malware is a notable feature of Russia’s cyberattacks. Russian threat actors have deployed destructive malware against government and education bodies with the intent to destroy computer systems and render them inoperable. This destructive malware may use popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from websites, and virus-infected files downloaded from peer-to-peer connections. Malware seeks to exploit existing vulnerabilities on systems for quiet and easy access.
Malware such as HermeticWiper and WhisperGate has been used against organizations in these recent attacks. These malware programs specifically target Windows devices, manipulating the master boot record and causing subsequent boot failure. This malware can target a large scope of systems and can execute across multiple systems throughout a network. As a result, it is important for your institution to assess your environment for atypical channels for malware delivery and/or propagation throughout your systems.
So what do we recommend? We encourage your team to implement the recommendations provided by the U.S. federal government and CISA, which urge all organizations – including educational institutions, both public and private – to take the following steps:
- Implement credential hardening and make it more difficult for attackers to get onto your systems by enabling multifactor authentication. Require strong, unique passwords and introduce account lockout and time-based access features, taking measures to reduce credential exposure.
- Establish centralized log management to record logs from across your institution’s IT infrastructure.
- Initiate a software and patch management program.
- Back up your data and maintain an offline backup. Data encryption is also recommended so that data cannot be used in the event it is stolen in an attack.
- Employ antivirus programs for additional protection.
- Use endpoint detection and response tools to alert your security team of any incoming malicious activity.
- Maintain rigorous configuration management programs.
- Enforce the Principle of Least Privilege so users only have access to clearance levels needed to perform their roles.
- Review existing trust relationships with IT service providers, such as managed service providers (MSPs) and cloud service providers (CSPs). Threat actors are known to exploit trust relationships between providers and their customers to gain access to customer networks and data.
- Continue to provide and reinforce learnings from end user awareness and training. To help prevent targeted social engineering and spear phishing scams, ensure that employees and stakeholders are aware of potential cyber threats and how they are delivered. Also, provide users with training on information security principles and techniques. Inform employees of the risks of social engineering attacks, e.g., risks associated with posting detailed career information to social or professional networking sites. Ensure that employees are aware of what to do and whom to contact when they see suspicious activity or suspect a cyber intrusion to help quickly and efficiently identify threats and employ mitigation strategies.
If your team has questions about ramping up its IT Security measures or you simply need additional support to ensure protection during these ongoing global cyber threats, OculusIT is here to help. We offer 24×7 SOCaaS, virtual CISO leadership, full IT team support, and more. Please reach out to connect with one of our experts to learn more about our cost-effective options tailored to your institution.
About the Author
As Chief Information Security Officer at OculusIT since 2016, Vince Vargiya has over 15 years of experience in Cyber Security and Risk Governance. He is an influential leader and risk auditor. As a security practitioner, he is skilled at defining and implementing strategic direction. His areas of expertise include ISMS, GDPR, GLBA, PCI-DSS, NIST, BCP, PIMS, cyber security, cloud security, application security, data center management, and automation.
OculusIT is a global, all-inclusive managed IT, security, and cloud services company dedicated to serving the education industry. Our strategy is to offer the most cost-effective and responsive partnership that provides flexibility and nimbleness in response to economic changes and directly contributes to higher education’s ability to provide and maintain the highest quality IT services. OculusIT grows with you, adapts to you, and ensures consistency and continuity of service with a partnership, service philosophy, and cost savings unparalleled in the higher education IT services domain. Learn more at www.oculusIT.com.