Much like teams in the annual March Madness collegiate basketball tournament, higher education institutions must stay on their toes, anticipate their opponents’ moves, and execute a winning game plan to beat cyber attackers. Against an onslaught of cyber threats, IT leaders are deploying a full-court press to enhance institutional resilience, reduce vulnerabilities, and rebound from cyber incidents.
Scouting Out Cyber Opponents
Ransomware, phishing, and information-stealing malware are dominant threats in higher education, often targeting students, faculty, and institutional infrastructure.
“Ransomware is a three-point shot against institutions,” said Jim Shook, director of the Cybersecurity and Compliance Practice at Dell Technologies, in a recent MeriTalk webinar. “First, cyber attackers may enter the network, encrypt data and systems, and try to sell it back to institutions. Second, they may steal data, such as financial information or intellectual property, and threaten to publish it. Third, they may destroy data to make it more difficult for institutions to recover.”
“Phishing attacks have really increased over the last several years,” added Loren Larson, chief information security officer at the University of West Alabama and a cybersecurity strategist at Dell Technologies. “It’s a very prevalent means by which they can potentially launch a ransomware attack or steal funding by just tricking somebody into paying an invoice.”
Attackers’ use of malware to access authenticated sessions is an increasing concern, said Christopher Wong, senior associate director for information technology at Florida Atlantic University. “Whatever the user has access to, they now have access to without doing any sort of two-factor [authentication].”
While cyber threats continue to evolve, institutions are also battling a more fundamental challenge: limited resources.
“Most higher eds are operating with limited resources, both financial and human,” explained Matt Williams, chief information security officer at the University of Tennessee, Knoxville. “So, while it’s not directly a threat, one of the biggest risks we face is misconfiguration. We’re tasked to do a project, and then we move on to the next thing. And there’s a real risk of not going back and making sure what we put in place is configured 100 percent correctly, and that leaves vulnerabilities and holes that allow threat actors to do their worst.”
Building a Championship Defense Against Cyber Threats
“At Dell, we talk about [cyber resilience] in three parts: one, to reduce the attack surface; two, to be able to detect and respond to threat actors; and three, to be able to recover,” Shook said.
Williams pointed out a challenge in reducing the attack surface: faculty and staff with administrative privileges on their devices “to install the software that they need to do research or conduct their courses in the fashion that they are most comfortable with.”
“We’re trying to address this cultural challenge,” Williams said. “Persistent administrative privileges on a workstation are a pretty big vector of attack.”
As threats become more sophisticated, many institutions are turning to automation and managed detection and response (MDR) solutions to detect and respond to attacks.
“A managed detection response team takes some of the burden off of your own team internally,” Larson said. “With an MDR team working at your side, you’ve got somebody watching and waiting to react 24/7, and they can take action to help you stop an attack.”
Institutions must also prepare for the inevitable by building robust recovery and continuity plans. Wong emphasized the importance of testing these plans in real-world scenarios.
“We go through an annual disaster recovery simulation to test all of these processes and procedures that we’ve accumulated,” he said. “We will always find things that we can improve, and we adjust accordingly. As part of this process, we invite other colleges and departments to participate with us.”
A key part of resilience is ensuring that recovery systems remain secure. Cybercriminals are now actively targeting backup environments, making traditional recovery plans less reliable.
“We’ve seen where they’re removing and erasing your backups, and that’s why it’s key to make sure that you not only test them, but ensure that they’re safe,” Wong stressed.
Sharing Game Plans and Lessons Learned
Cyber resilience doesn’t happen in a vacuum. Higher education institutions that collaborate and share threat intelligence will be more successful against attackers.
“You’ve done your root cause analysis. You figured out what went wrong. I find it beneficial to share that information. Not just within the organization, but with peer organizations as well,” Wong said. “It’s saved other institutions a lot of the pain that we encountered.”
Shook echoed this sentiment, underscoring the need for strong leadership in cybersecurity efforts.
“We have this little saying that cyber resilience is everyone’s job and nobody’s responsibility,” Shook said. “You need a leader, and somebody’s got to be the one who’s going to set the picks, jump on the loose ball, play defense, do all the hard things, and lead the way for everybody else.”