Safeguarding Higher Education from Cyberattacks
Research and education community join forces and resources to combat cyberattacks
DENVER, Colo., April 21, 2017 – The increase in the risk from cyberattacks has received significant attention from the research and education (R&E) community and has spurred many campuses to adopt new security controls and implement additional tools to protect their institutions. These risks include ransomware attacks, which are typically attacks on a system or computer with the intent to disrupt or block access to data until a ransom is paid, as well as distributed denial-of-service (DDoS) attacks that are intended to interfere with the availability of a campus’ network or applications.
In 2015, the Department of Homeland Security issued an Intelligence Assessment on Research and Education. In general, the report noted, cybercriminals do not target university systems and users more than any other victims. This finding holds true today.
“There are always new threats to cybersecurity, and the threats often evolve faster than the safeguards,” said Kim Milford, executive director of the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), which started in 2002 and coordinates information sharing about computer-security threats and countermeasures among higher education institutions. “Through active sharing among the research & education community about the most current threats, we can collectively defend against them by updating our processes and finding safeguards that most effectively protect against those threats.”
The cybersecurity landscape is constantly evolving because threats on the internet continue to not just grow, but also morph. In the past, risk mitigation was heavily focused on network controls and patching applications. As IT organizations deployed safeguards, malicious actors moved on to more lucrative attacks, such as phishing and ransomware, which target the user more than the application or hardware.
Higher education could be susceptible to cyberattacks for many different reasons, but are likely targets due to their computing resources, intellectual property, and vast amount of personal information belonging to their students, faculty, and staff. In 2016, REN-ISAC sent out 67,000 notifications to R&E institutions about potential machines compromised by vulnerability exploits.
“It can be difficult to talk about the risks of cyberattacks without invoking fear, uncertainty and doubt among IT professionals in research and education,” added Milford. “They may feel ineffective at risk mitigation and outsource critical security tasks. In the other extreme, they may feel the need to spend down their whole budgets to counteract the threats. The truth is, there is a happy medium. An objective analysis of the threats and threat actors can assist today’s IT professional in managing those risks.”
Milford will present an annual assessment of the current risks along with practical and operational advice to the research and education community in a Global Summit session on Tuesday, April 25 from 4:30 – 5:30 p.m. EST at the Renaissance Downtown Washington, D.C. Hotel. For more information on the Global Summit, taking place April 23-26, visit https://meetings.internet2.edu/2017-global-summit/
EDITOR’S NOTE: Interviews are available to members of the media upon request. Reporters interested in obtaining a press badge for the 2017 Global Summit should contact Sara Aly, email@example.com or 720-379-9674.