The education sector is under attack from cybercriminals like never before. As the hasty digitalisation of education prompted by COVID-19 exposes vulnerabilities and lays bare valuable and sensitive data, we look at the step’s universities can take to prevent, detect and respond to ransomware attacks…
Data matters
Success in today’s digital economy means being able to keep your secrets close to your chest and leverage data to your institution’s advantage. The higher education landscape is an increasingly competitive one, with student numbers dwindling and university budgets being decimated by falling enrolment, mothballed accommodation and spiralling pension deficits. Every competitive advantage, including that to be gained through intellectual property and research data, needs to be protected.
Backup and protect
While maximising the potential of data will be a priority for universities as we move to a more digitalised model of education – think CRMs, analytics and AI enhancements – protecting the data they have got needs to be top of the list. Building a robust strategy for data backup will be of paramount importance, whether individual institutions opt for on-premise, cloud-based or hybrid solutions. But as cybercriminals become more innovative, prolific and determined, even that won’t be enough. Ransomware hackers have begun targeting backups more aggressively, in an attempt to gain full control of an institution’s data.
Unfortunately, warp-speed changes in the ways and places malware now appears makes it virtually impossible to prevent each potential new attack, so a proactive and all-encompassing defence is the best strategy for all educational institutions.
Prevent, detect, respond
Taking a multi-layered approach to data protection is the best way to safeguard backed-up data against ransomware attacks. This should include:
- Prevent: Taking proactive steps, such as two-factor authentication and using an immutable file system to make backups a less attractive proposition for ransomware attackers.
- Detect: Harnessing the full power of machine learning to discover ransomware attacks, by continuously monitoring primary sources and identifying anomalies.
- Respond: Quickly locating and deleting infected files across the global data footprint, including public clouds, to quickly recover from ransomware attacks, as well as instantly bring back all data through an instant mass restore.
Prevent backup from becoming a target
Prevention is always better than cure, and this holds true when it comes to university data backups. Making data look like an unattractive prospect – i.e. too much effort to steal or corrupt – is the best way of ensuring it all stays safe and secure.
Employing an immutable file system is one way of doing this. By backing up read-only files via time-based snapshots, and never making them accessible to or mountable by external systems, ransomware attackers will be unable to infect them.
DataLock policies are another best-practice principle for preventing attacks, allowing certain roles within the institution to set unchangeable policies on selected jobs. This type of write-once-read-many (WORM) policy means security personnel can store backups with, say, a time-bound setting, enforcing data protection that cannot be deleted beyond the scope of that policy, not even by the person who created it.
Two-factor authentication is a sensible standard to set across the entire infrastructure, from user terminals to VPN access, but it’s especially important for allowing access to backups.
Detect attacks
Ransomware attacks are evolving at an alarming rate, and whether they are targeting on-premise or cloud-based data and applications, they require security officers to stay one step ahead of the game.
Many of the backup services offered by cloud providers come with in-built functionality for automatically and continuously monitoring the data ingested from primary sources. They are able to spot patterns, detect changes, and will often automatically notify organisations about potential threats. Using cutting-edge algorithms to proactively assess anomalies is key to helping institutions keep their data backups safe.
Another important tool in a university’s data backup arsenal is a means for detecting anomalies in the data change rate of primary files. Has there been an unusually high daily change rate per logical data? Or a curiously low historical data ingest? Being able to see, and then being alerted to, these file-level changes will help to ensure ransomware attacks are detected quickly and can be dealt with before they cause too much damage.
The implications for universities of a data breach, loss or theft are enormous and wide-ranging.
Find out how to avoid reputational damage among faculty and prospective students in our free guide “Security in the cloud: How further education institutions can defend their data”
Respond quickly
When the worst happens and a university’s data backup falls prey to a ransomware attack, it’s vital that recovery is executed quickly and smoothly to limit organisational downtime. Again, many cloud-based provisions, including SaaS, DRaaS or BUaaS, will include in-built functionality for limiting damage, restoring data, and ensuring business continuity.
A cloud-based Backup-as-a-Service solution enables institutions to consolidate data across the often-complex infrastructure, allowing for easier data and application management across sites and environments and making data recovery a much simpler task. It also offers unlimited scalability to ensure even one-off, large-scale data ingestion is protected, which is important in the university landscape when a huge number of staff and students are introduced to the environment at the start of each academic year.
With tools like global actionable search, IT managers and admins are able to quickly locate infected and malicious files and take steps to contain and remove them, thereby limiting damage across the wider infrastructure.
And instant mass restore functionality means IT admins can restore hundreds of VMs and thousands of files instantly, at scale, to any point in time, in contrast to the days or weeks it can take to restore data with other backup solutions.
Protection for the future
While cybercriminals continue to push the boundaries of what, where and when they attack, happily the technology to combat ransomware and protect the critical and valuable data held across higher education institutions is evolving even more quickly. With the right strategy and approach, even backed up data can be protected.
For more about how M247’s range of data security, backup and disaster recovery solutions can support your institution, get in touch with our team today.
