by Brad Hudson, Deputy CISO, Columbia Advisory Group
CISSP, CCSP, CCNP, MCSA, MCITP:EA, SA
The year 2020 brought us all incredible challenges as we coped with the impact of COVID-19, and cybersecurity is no exception. 2020 created the “perfect storm” for cybersecurity when you consider how each of these trends has created enormous opportunity for cybercriminals:
We are all online more, even inexperienced users.
As students, staff, parents, and grandparents navigate networks, devices, passwords, and classroom experiences, there are many opportunities for security gaps. How are networks being accessed? How secure is the student’s computer? Who is using the computer at home? What network are they working on? Does each of these people know how to spot and react to a phishing attempt so that they don’t divulge sensitive information about themselves or their online work? Cybercriminals know that phishing works, and they prey on inexperienced or inattentive users.
Our networks have new vulnerabilities.
Working, schooling, and researching from home means accessing campus networks from home on a variety of user-owned devices, and the workarounds can leave institutions vulnerable to hacking.
The allure of student data is irresistible to cybercriminals.
Hackers have always sought student data because it provides a lifetime of opportunities to use, manipulate, sell, and otherwise profit from identity details. In this exposed environment, the prospects are increasing exponentially, and cybercriminals are taking advantage. Schools and colleges are more than twice as likely as the average organization to be hit by a business email compromise attack.
University research data is like catnip for hackers.
That cutting-edge research your institution is doing is stored online somewhere, and hackers know how valuable it is. Expect them to try to crack your cyber vault. If your research includes COVID-19 studies, you’re at the top of the target list.
People overreact to messages that reference COVID-19.
Phishing attempts, spoofing, and malicious download links trick many users with phrases like “New COVID-19 Protocols – click here to download” or “Update your account with COVID-19 acknowledgement.” Hackers and cybercriminals know we have heightened attention to such requests, and they prey upon our fears and desire to cooperate.
IT departments are busier than ever and budgets are tight.
With so many new users to support, hybrid classrooms to set up, devices to deploy and maintain, and new issues to resolve, it’s likely your IT staff is stretched thin, while your institution may have frozen or reduced IT budgets to cope with tuition revenue reductions.
So, what can your institution do to combat these threats?
- Prioritize IT helpdesk support to help users navigate their online world and set up safety protocols for themselves. If your IT team is stretched thin, consider an outsourced helpdesk that is white-labeled to appear as a seamless part of your IT team. At CAG, one of our support desks handles 515 tickets a week for a regional university, allowing IT staff to focus on other urgent, critical, or strategic projects.
- Conduct a cybersecurity vulnerability assessment so that you know exactly where your gaps are.
- Update your institution’s cyber risk register and prioritize accordingly.
- Consider the cost of a breach, and then consider the cost of hiring cybersecurity support. (Each breach can cost an institution tens of thousands to millions of dollars, in addition to reputational damage.)
- Educate your community on cyber hygiene. This is a never-ending battle. CAG’s virtual CISOs can assist with strategies to help your campus communities.
If your institution needs assistance with your cybersecurity strategy, assessment, remediation, or a virtual CISO, please contact firstname.lastname@example.org.