Campus leaders today are already riddled with cyber security challenges including the data privacy of their students. The recent hacks that have reported in the higher education industry are adding to the stress of these campus leaders.
Recent Cyber Security Challenges
Regis University, Denver, CO
In a disturbing trend of college campuses that have been hit by hackers, Regis University in Denver is the latest victim of a cyberattack. According to the Denver Post:
A forensic investigation at Denver’s Regis University confirmed Friday that the private college’s technology systems were attacked by a “malicious threat” likely from outside the country.
“Immediately upon discovering this issue, we quickly and intentionally took our information technology systems offline in an effort to protect the university and your information while we initiated an investigation and notified law enforcement,” Regis said in a statement Friday. “We are unfortunately only the latest entity to face this kind of incident.”
It isn’t clear whether the cyber attack was based on a ransomware attack, the matter is currently under investigation.
Stevens Institute of Technology, Hoboken, NJ
Stevens Institute of Technology is still struggling to restore their network in time for the new school year. According to NJ.com,
The Hoboken college admitted on its website on Aug. 8 that it was the victim of a “very severe and sophisticated” cyberattack and it was working to “resolve this as quickly as possible.
The computer system is still down Monday, officials said in an online update.
The school also advised users, including students, “for your own protection, please shut down and do not use any computers that have been connected to the Stevens network until further notice.”
Stevens Institute of Tech student went to Reddit to post an open letter to college officials, saying:
As a Stevens student and an unfortunate victim of the ongoing ransomware attack, I am appalled by the latent and opaque response of the Stevens Administration surrounding the recent exploit and ransom of devices on the Stevens network.
Let me begin by stating that although the security of the Stevens network has long been called into question and the prolonged response by the Information Technology department is a cause for concern, I am not writing to express my displeasure for the actions that have been taken by the people directly combating the attack nor the future actions of Stevens’ department of Information Technology.
Rather, I am writing on behalf of the Stevens community to express our widespread disappointment in the Stevens Administration. I hope to facilitate and encourage an open and transparent discussion surrounding the status of our personal data, the competence of our current administration, and most importantly the lack of assistance offered to the Stevens students affected by this attack. Read more on Reddit.com
State and Local Governments Suffer Cyber Security Challenges
State and local governments store massive amounts of data on private citizens, making them a hot target for hackers. Just as colleges and university store data for students, hackers want to take advantage of this information.
22 Texas Towns Attacked
The mayor of one of the municipalities in Texas admitted that hackers are asking for $2.5 million to unlock their files.
According to NPR,
Experts say that while government agencies have increasingly been hit by cyberattacks, simultaneously targeting nearly two dozen cities represents a new kind of digital assault.
“What’s unique about this attack and something we hadn’t seen before is how coordinated attack this attack is,” said threat intelligence analyst Allan Liska. “It does present a new front in the ransomware attack,” he said. “It absolutely is the largest coordinated attack we’ve seen.”
Liska’s research firm, Recorded Future, has found that ransomware attacks aimed at state and local government have been on the rise, finding at least 169 examples of hackers breaking into government computer systems since 2013. There have been more than 60 already this year, he said.
Louisiana Forced to Declare a State of Emergency
Homeland Security was forced to activate its Crisis Action Team in response to the State of Emergency announced by Louisiana Governor, John Bel Edwards. Louisiana’s Emergency Services Function-17 was also activated to coordinate the response of the cybersecurity incident.
“The state was made aware of a malware attack on a few north Louisiana school systems and we have been coordinating a response ever since,” Gov. Edwards said. “This is exactly why we established the Cyber Security Commission, focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat.”
See the Emergency Declaration here.
This was the first activation of Louisiana’s emergency support function, which is newly created in Louisiana, in anticipation of the threat of cyber attacks.
More Cities, States, and Local Governments added to the List
In a year, local governments in Collier, Florida have been scammed out of nearly $1 Million. Read the report here.
The city of Atlanta is still recovering after spending upwards of $1.4 Million after ransomware attacks. Read the full report here.
La Porte County, Indiana forced to pay $130,00 in bitcoin following a ransomware attack. Read the article here.
Heavy Regulations add to Cyber Security Challenges
Governments and Higher Education Institutes are some of the most heavily regulated industries in the United States. Just to name a few:
- Family Educational Rights and Privacy Act of 1974 (FERPA)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Gramm Leach Bliley Act (GLBA)
- Fair and Accurate Credit Transaction Act of 2003 (FACTA or “Red Flags Rule”)
- Privacy Act of 1974
- E-Government Act of 2002
- Federal Information Security Management Act of 2002 (FISMA)
These compliance regulations are put in place to protect the data and privacy of private citizens and students.
While these regulations should protect these organizations from cybersecurity challenges, they don’t always allow for the constraints that governments and higher education institutes typically face. Funding, Staff time and expertise, as well as calendar time, are just a few of the common constraints facing these cyber security challenges.
Outsourcing Reduces Cyber Security Challenges – at an Affordable Rate
By outsourcing your cyber security to an MSSP like Cybriant, you can potentially reduce your threat landscape. How?
- You get a fully trained team of cybersecurity experts, watching your network around the clock at fraction of what a full-time team would cost.
- You get competitive threat intelligence gathered from all the clients we serve. We’ve seen a lot.
- We monitor your network for suspicious activity around the clock. Either through your SIEM or EDR technology, we have an inside view of what is happening.
- Leave the patching and vulnerability management to us. Our team creates helps automate this function, so it is no longer an overlooked task.
Conclusion
Start with a strategy. Most security leaders agree that spending a small amount of time on creating your cybersecurity strategy (including deciding on a framework) has the biggest overall impact. Yet, many overlook this crucial step.
Consider an assessment. A Security Risk Assessment is the best way to determine any gaps in your security strategy.
Outsource to the experts. Your staff can focus on the tasks necessary to help your organization. Our team acts as an extension of your team.
How to Meet the Guidelines for the NIST Cybersecurity Framework
PREtect: Making Cybersecurity Easy
