How Does Cybercrime Affect Educational Institutions?
This month marks one year since lone Russian hacker Rasputin caused chaos by hacking into the information systems of over 60 universities and government institutions worldwide. These weren’t your average facilities either – big names included NYU, Cornell, Washington, Oxford, and Cambridge. All of them became the victims of cybercrime.
Rasputin’s attack wasn’t the first time educational institutions had been targeted, nor was it the last. Just a few months later, in June 2017, UCL, a prestigious London university, became the victim of a vicious ransomware attack, despite its reputation as a “center of excellence in cyber-security research.” Shared drives were infected, preventing students and staff from accessing online networks, slowing down the entire university system and causing “substantial disruption”. The ransomware was a zero-day attack, unknown to antivirus software. It originated from the web, most likely from a malicious pop-up or compromised website.
Cybercrime often has disastrous effects on universities. Attacks in the past have locked students out of their papers as deadlines approached. Others have resulted in the leakage of student financial data, examination results and other confidential information, causing significant privacy breaches.
Hackers such as Rasputin and the UCL hackers target educational institutions to get at the valuable and sensitive information they store. Financial information and academic research, for example, can be sold for high profits, making universities a tempting target for cyber criminals.
We know why educational institutions are attractive targets for cybercrime. But exactly what makes them so vulnerable?
A web of information
One core university vulnerability lies in widespread Internet use, on campus and off. Large Wi-Fi and LAN networks stretch across and between campuses, and are used by students, faculty and administrative staff members. At any given moment, hundreds or thousands of users are accessing the Internet through the network, on a variety of devices - from desktops in laboratories and administrative offices, down to laptops, tablets and smartphones in dorms. There are high levels of web traffic, with students researching projects, sending emails, socializing with friends, and browsing the web for entertainment on sites that are often sketchy at best.
The combination of many users and widespread, intensive Internet usage increases the likelihood that someone will fall prey to web-borne threats, whether by clicking on a malicious link in an email or by encountering malvertising, malicious links, or drive-by downloads on websites. Sometimes, hackers target educational institutions directly, sending phishing emails to university email addresses or sharing links on websites frequented by students. With just one false move, web-based malware, such as ransomware, can infect a user’s device and begin its journey to the network servers and throughout the network. File sharing among staff and students can accelerate and exacerbate this process, as at UCL, leading to rapid compromise of shared drives.
Keeping educational institutions protected from web-borne threats isn’t an easy task. IT staff are stretched thin, tasked with handling large and diverse systems, often with limited resources and budget.
Security is a top priority for all educational institutions. And today, the Internet and campus Wi-Fi are absolute necessities for students, faculty and administrative staff. With that in mind, how can educational institutions protect themselves from web-borne threats, such as malware and ransomware, while providing a secure way for all users to browse?
A multilayer approach to cyber security
When developing a security plan for a large, complex institution like a university, a multilayered approach is essential.
The basic layers of defense typically include:
- Threat detection and prevention software, including the best anti-virus, anti-malware and firewall solutions.
- User instructions as to which software they should - and should not - install on their own devices.
- Strong password policies for network users.
- Cyber security training, including how to recognize and steer clear of malicious websites and phishing emails.
However, even these precautions are not enough to protect educational institutions from the dangers lurking on the web. Many types of malware, including zero-day threats, can evade detection, and human error is inevitable. To really minimize the chances of infection from web-borne threats, protection against browser-borne threats is essential, and best provided by remote browser isolation.
A remote browser isolation solution doesn’t rely on detecting threats to prevent an attack – instead, it simply isolates all browser-executable code, whether benign or malicious. Web content is rendered by a remote secure browser located in an isolated container, away from the endpoint, in the network DMZ or the cloud. Users access the web as always, using their regular browser, but what they actually see is a clean, interactive stream of content sent from the remote browser, ensuring a seamless and native browsing experience. Behind the scenes, remote browser isolation solutions isolate the entire browsing session – including any web-borne malware – in virtual containers that are then destroyed at the end of each session, to ensure maximum endpoint and network protection.
Minimizing the cyber security threat
With their large population of users, including students who do not always practice good internet hygiene, often neglect to protect their devices with the appropriate software, and tend to visit infection-prone websites, university IT systems are especially vulnerable to web-borne threats.
By using a multilayer approach to cyber security, educational institutions can protect themselves from security breaches, allowing students and staff to access the web freely, without risk to the institution itself.