Cybersecurity is a Major Issue for Higher Ed
A growing number of threats are engineered to target a specific institution and its unique vulnerabilities. What should institutions do?
As the volume and sophistication of attacks such as malware, ransomware, DNS-based data exfiltration and phishing continue to rise, higher education institutions are struggling to cope with the flood of threats. To add to the challenge, many of the threats they face are tailored to a specific institution and engineered to exploit gaps in that institution's particular security systems and processes.
A system that becomes infected with malware presents a major risk for any college or university. In the case of an infected laptop, for example, disconnecting the device from the network and removing the malware is time consuming and disruptive, and until that happens the laptop can be used to steal confidential data such as student records, financial data, usernames and passwords, or as a foothold from which to reach other systems.
The financial and reputational impact of a data breach on an institution can be catastrophic, which is why cybersecurity is now a board-level agenda item.
Basic Won’t Cut it Anymore
Many higher education institutions have already invested heavily in security solutions, but the bad actors continue to bypass many of the current security controls. Other institutions have underinvested and only have basic protections in place, but now realize that it is simply a matter of time before this approach fails.
Why is this a hard problem for them to solve?
Even when an organization has deployed multiple security solutions such as next-generation firewalls, secure web gateways, sandboxing, intrusion prevention systems, endpoint anti-virus and similar protections, attackers are still able to get into the institution by exploiting weaknesses and gaps in its security posture, or by using channels those controls do not inspect.
The motive for breaking into a college or university, or any organization for that matter, is typically financial. Because the attacks pay, attackers keep investing in new techniques, and institutions and attackers end up in a continual game of cat and mouse.
3 reasons why cybersecurity is such a problem for higher ed
1. Techniques Evolve FAST
Bad actors continually invest significant amounts of time and money in developing and adapting targeted threats that can bypass the defenses an organization has built. They use a wide range of sophisticated and evolving techniques that make it very difficult for any higher education institution to have a 100-percent-effective approach to security. As new attack vectors develop, organizations have increased exposure and increased risk.
2. Domain Name System (DNS)
One common factor seen across many threats is the use of the Domain Name System (DNS). DNS is a core Internet protocol and arguably one of its most critical components. When a user types www.example.com into a browser, the recursive DNS infrastructure resolves that name to the IP address of the server that hosts it. An easy way to think about DNS is as a phone book for the Internet that translates easy-to-remember names into the IP addresses where those resources are located.
However, plain DNS has no notion of whether a requested domain is safe or malicious. Unless the resolver enforces a policy layer (for example, Response Policy Zones or a protective DNS service), it returns the IP address for good and bad domains alike. So if a user in an organization receives a phishing email and clicks the link, the resolver will dutifully answer with the IP address of the server that hosts the phishing site.
Malware installed on a device behaves like any other software: it tries to fetch additional components and receive updates. For most modern malware, the way it calls home is by making a DNS query for a domain the attacker controls in order to discover which command-and-control (C2) server it should connect to. Using a domain name instead of a hard-coded IP address lets the attacker move the C2 server at will simply by changing a DNS record, whereas a hard-coded IP is easier for authorities to track down and for enterprises to block with a simple firewall rule. Some malware goes further and uses DNS itself as the C2 channel, carrying commands in the responses (in TXT records, for example).
In another example, DNS data exfiltration encodes, and often encrypts, confidential information into the subdomain labels of DNS queries for a domain the attacker controls; the organization's own resolver forwards those queries to the attacker's authoritative name server, which reassembles and decrypts the data. The data could be credit card numbers, user logins and passwords, social security numbers, and so on, which the attackers then sell or rent, or use to launch further attacks. Given the volume of DNS requests in a typical enterprise, it is not practical to inspect every packet; detection has to rely on aggregate signals such as query volume, subdomain length and entropy per domain.
3. Obfuscation Techniques
Associated with C2 and DNS data exfiltration, attackers also use evasion techniques such as Domain Generation Algorithms (DGAs) and fast-flux domains to make malicious DNS requests hard to detect and block. With a DGA, the malware computes hundreds or thousands of candidate domains each day, of which the attacker registers only a handful, so static blocklists always lag behind; with fast flux, the IP addresses behind a single domain are rotated rapidly (typically across compromised hosts, with very short TTLs), so blocking by IP address is equally short-lived.
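The three DNS abuses described above (C2 lookups, data exfiltration in query labels, and DGA churn) can all be surfaced from a resolver's query logs. The following Python script is an added example, not code from the article or from any product: it packs a constructed sample record into query names the way an exfiltration tool does, shows the receiver reassembling it, and then runs three detectors over a constructed log. The log format ("<unix_ts> <client_ip> <qname> <qtype> <rcode>"), the thresholds, the client addresses and the .test domains are all assumptions made for the demo. Fast flux is not covered because it shows up in answer data (changing A records with short TTLs), which this query log does not carry.

```python
import base64
import math
from collections import defaultdict
from statistics import median

MAX_LABEL = 63   # RFC 1035: each label is at most 63 octets
MAX_NAME = 253   # practical limit for a full name in presentation form

# Constructed sample data for the demo; nothing here is real.
SECRET = (b"student_id=100234,name=jane doe,ssn=123-45-6789,card=4111111111111111,exp=12/29\n"
          b"student_id=100235,name=john roe,ssn=987-65-4321,card=5500000000000004,exp=03/28\n"
          b"user=jdoe,password=Correct-Horse-Battery-Staple-7\n")

def chunk_for_dns(data, domain):
    """Sender side of DNS exfiltration: base32 (names are case-insensitive, so base64 would
    be corrupted), split into 63-char labels, prefix a sequence number so the attacker's
    authoritative server for `domain` can reassemble."""
    enc = base64.b32encode(data).decode().rstrip("=").lower()
    labels = [enc[i:i + MAX_LABEL] for i in range(0, len(enc), MAX_LABEL)]
    names = [f"{seq}.{label}.{domain}" for seq, label in enumerate(labels)]
    assert all(len(n) <= MAX_NAME for n in names)
    return names

def reassemble(names, domain):
    """Receiver side: strip the domain, order by sequence number, re-pad and decode."""
    parts = sorted((int(n.split(".", 1)[0]), n[:-len(domain) - 1].split(".", 1)[1]) for n in names)
    enc = "".join(label for _, label in parts).upper()
    return base64.b32decode(enc + "=" * (-len(enc) % 8))

def shannon_entropy(s):
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0

def registered_domain(qname):
    """Last two labels; production code should use the Public Suffix List (co.uk, ac.jp, ...)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def parse_log(lines):
    """Assumed log format (constructed): '<unix_ts> <client_ip> <qname> <qtype> <rcode>'."""
    recs = []
    for line in lines:
        ts, client, qname, qtype, rcode = line.split()
        recs.append({"ts": int(ts), "client": client, "qname": qname.lower().rstrip("."),
                     "qtype": qtype, "rcode": rcode})
    return recs

def detect_exfil(records, min_unique=5, min_avg_len=30, min_entropy=3.0):
    """Exfiltration: many distinct, long, high-entropy subdomains under one registered domain."""
    subs = defaultdict(set)
    for r in records:
        dom = registered_domain(r["qname"])
        subs[dom].add(r["qname"][:-len(dom) - 1] if r["qname"] != dom else "")
    return {dom for dom, s in subs.items()
            if len(s) >= min_unique
            and sum(map(len, s)) / len(s) >= min_avg_len
            and sum(map(shannon_entropy, s)) / len(s) >= min_entropy}

def detect_dga(records, min_nx=5, min_entropy=3.0, min_len=8):
    """DGA: one client gets NXDOMAIN for many distinct random-looking registered domains."""
    cand = defaultdict(set)
    for r in records:
        dom = registered_domain(r["qname"])
        sld = dom.split(".")[0]
        if r["rcode"] == "NXDOMAIN" and len(sld) >= min_len and shannon_entropy(sld) >= min_entropy:
            cand[r["client"]].add(dom)
    return {c: sorted(d) for c, d in cand.items() if len(d) >= min_nx}

def detect_beacons(records, min_queries=5, tolerance=0.1):
    """C2 check-ins: one client resolving one domain at near-constant intervals."""
    times = defaultdict(list)
    for r in records:
        times[(r["client"], registered_domain(r["qname"]))].append(r["ts"])
    flagged = set()
    for key, ts in times.items():
        if len(ts) < min_queries:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        med = median(gaps)
        if med > 0 and all(abs(g - med) <= tolerance * med for g in gaps):
            flagged.add(key)
    return flagged

# Constructed log: ordinary campus lookups, a typo NXDOMAIN, an exfil burst, a DGA client, a beacon.
SAMPLE_LOG = (
    [f"{1700000000 + i} 10.1.2.3 {q} A NOERROR" for i, q in enumerate(
        ["www.example.edu", "lms.example.edu", "mail.example.com", "cdn.example.net", "sso.example.edu"])]
    + ["1700000010 10.1.2.3 www.exmaple.com A NXDOMAIN"]
    + [f"{1700000100 + i * i} 10.1.2.9 {n} TXT NOERROR"
       for i, n in enumerate(chunk_for_dns(SECRET, "collector.test"))]
    + [f"{1700000200 + 3 * i} 10.1.2.5 {d}.test A NXDOMAIN" for i, d in enumerate(
        ["kq3vz8nxw1pd", "y7hb2mfx0tlq", "zr9cwp4ak2js", "m5tnhx7bq3ve", "g2vfk8lpw6dz"])]
    + [f"{1700000300 + 60 * i} 10.1.2.7 cdn.beacon.test A NOERROR" for i in range(6)]
)

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("exfil:", detect_exfil(recs), "dga:", detect_dga(recs), "beacons:", detect_beacons(recs))
```

On real resolver logs the thresholds need tuning: CDNs, anti-virus cloud lookups and DNS blocklist services legitimately generate long, high-entropy subdomains, so an allowlist of known services and a proper Public Suffix List split are the first two things to add before alerting on the output.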
The big challenge that higher education institutions face is that they often have limited visibility into the threat landscape that they uniquely face. As a result, one institution is likely to have a very different view of the threat landscape than that faced by another institution.
That means that when a college or university faces a threat it has not seen before, it takes longer to identify and remediate the problem.
Given the evolving and expanding threat environment, institutions need to share information to improve the cybersecurity posture across the entire higher education market.