Cyber-attacks on UK universities are on the rise, which shouldn’t come as a surprise to anyone. Universities hold vast amounts of sensitive data and, like most government-funded institutions, typically operate on a limited budget.
A university may hold thousands of student records, with each record containing a wealth of Personally Identifiable Information (PII), such as names, ages, addresses, and so on. Hackers can steal this information and sell it on the black market, or use it for other malicious activities, such as identity fraud, extortion, and more. Some universities will also store students’ bank details, which could be used for financial fraud.
However, in recent times we’ve seen more and more hackers targeting research papers – including documents that relate to national security.
Troubles with Trojans and DDoS
According to the 2019 State of Malware report by Malwarebytes, the education sector is one of the top industries impacted by Trojans – a type of malware that is disguised as a legitimate application. Trojans have been known to cause serious disruption to educational institutions. In February this year, a Trojan by the name of ‘Emotet’ forced Columbia State Community College to shut down its network and suspend classes for two days. Universities are also subject to DDoS attacks, such as the attack on The University of Edinburgh in September 2018, which disrupted its online services for about two hours.
Given that 100% of UK universities failed a penetration test within two hours, it’s clear that universities must do more to tighten up their security posture in order to mitigate any potential data breaches. The question, of course, is how?
How Universities Can Tighten Up Their Data Security
As IT environments become increasingly complex and distributed, traditional perimeter defenses, such as anti-virus software and firewalls, are much less effective at keeping our networks secure. Even SIEM solutions are less relevant than they were.
In addition to having a strong password policy, enforcing “least privilege” access, implementing application blacklisting/whitelisting, and so on, institutions need to adopt a more layered approach to cyber-security, one that leverages a more diverse range of security solutions. Such solutions may include Intrusion Prevention Systems (IPS/IDPS), two-factor authentication (2FA), Data Loss Prevention (DLP), data discovery and classification, User Behavior Analytics (UBA), AI/machine learning, etc.
Of course, educating both employees and students about security policies and best practices is always a good place to start, especially since the majority of security incidents are caused by insiders – even if their intentions were not malicious.
While it is practically infeasible to prevent all users from breaching security protocols, there are a number of solutions that institutions can implement to at least detect, alert on and respond to suspicious user behavior. For example, solutions such as LepideAuditor provide user behavior analytics, data discovery and classification, and permissions analysis, all from one place. They can enable us to determine who has access to what data, and whether the level of access they have is appropriate.
They can automatically detect and manage inactive user accounts and respond to events that match a pre-defined threshold condition, such as multiple failed login attempts, or when multiple files are encrypted within a given timeframe. While UBA solutions are not designed to eliminate the possibility of a data breach directly, they can at least provide us with both the signals we need to fine-tune our security policies and ACLs, and the ability to carry out a forensic investigation into the cause of the incident in a fast and efficient manner.
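The threshold conditions described above can be expressed as a sliding-window count per user. The following is an added example, not LepideAuditor's implementation or code from the original article; the event names, thresholds, user names and sample events are constructed assumptions, and a burst of file modifications stands in for mass encryption.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical rules: event type -> (threshold count, sliding window).
# "file_modified" bursts stand in for mass encryption (an assumption).
RULES = {
    "login_failed": (5, timedelta(minutes=2)),
    "file_modified": (4, timedelta(seconds=30)),
}

def burst(user, kind, start, step_seconds, count):
    """Build constructed sample events spaced step_seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step_seconds)).isoformat(), user, kind)
            for i in range(count)]

# Constructed sample audit events (timestamp, user, event type); not real logs.
SAMPLE_EVENTS = (
    burst("alice", "login_failed", "2019-03-01T09:00:00", 20, 5)     # fast: alert
    + burst("bob", "login_failed", "2019-03-01T09:00:00", 300, 5)    # slow: no alert
    + burst("carol", "file_modified", "2019-03-01T10:00:00", 5, 4)   # fast: alert
    + burst("dave", "file_modified", "2019-03-01T10:00:00", 60, 4)   # slow: no alert
)

def detect(events, rules=RULES):
    """Return (user, event type, timestamp) for each threshold breach."""
    windows = defaultdict(deque)   # (user, kind) -> timestamps inside the window
    alerts = []
    for ts, user, kind in sorted(events):   # ISO timestamps sort chronologically
        if kind not in rules:
            continue
        limit, span = rules[kind]
        now = datetime.fromisoformat(ts)
        recent = windows[(user, kind)]
        recent.append(now)
        while now - recent[0] > span:       # drop events older than the window
            recent.popleft()
        if len(recent) >= limit:
            alerts.append((user, kind, ts))
            recent.clear()                  # one alert per burst, then start over
    return alerts

if __name__ == "__main__":
    for user, kind, ts in detect(SAMPLE_EVENTS):
        print(f"ALERT {ts} user={user} rule={kind}")
```

The same number of events spread over a longer period (bob, dave) stays below the threshold, which is why the window length matters as much as the count when tuning such rules.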
If you would like to see how LepideAuditor can help your university improve data security and prevent data breaches, schedule a demo with one of our engineers today.