Changing cybersecurity compliance puts higher education under pressure.



Higher education institutions are under pressure as a result of new cybersecurity compliance regulations. With an increasing amount of sensitive data being stored on digital platforms, it is critical to ensure that cybersecurity safeguards are in place to protect the information.

CISA is proposing a new rule that would require covered entities to report cyber incidents and ransomware payments to CISA within hours.

https://www.securitymagazine.com/articles/99063-new-cybersecurity-compliance-puts-pressure-on-higher-education

This is in response to the increasing frequency and severity of cyberattacks and ransomware incidents, which can have serious consequences for critical infrastructure and educational institutions.

When I was an engineering student, I attended a state government university where, in our seventh semester, a Communication Engineering paper was leaked online via email and the college's official account was briefly compromised. This security breach caused major concern for the college, students, and authorities, challenging a student's future and trust in the university.

The consequences, however, forced the university to update its website and technical credentials. We administered exams according to a different format, which caused a commotion at the time. A few managers and authorities in the test department also changed.

Cyber threats can have significant impacts on individuals, organizations, and even society as a whole.

Share your experiences or any harrowing memories you might have?


10 replies

My time in college was back in the 90s, at CMU, that had the Andrew system:

https://en.wikipedia.org/wiki/Andrew_Project

I imagine the security wasn’t that great, but I wasn’t looking to hack it and get kicked out of school :)

That network did facilitate a lot of online gaming though, with some people getting so addicted to this game that they flunked out.  There would be teams in computer labs playing against each other, yelling commands:

https://en.wikipedia.org/wiki/Netrek

The Wikipedia article even mentions how popular it was at CMU:

“In 1989, the source code was posted to Usenet. In the fall of 1990, UCB alumnus Terence Chang set up a public Netrek server at Carnegie Mellon University where he was attending graduate school.[4] In spring 1991, the first inter-scholastic game was played between UCB and CMU, and in January 1992, the "International Netrek League" (INL) was formed, so that teams could form and compete with one another (as opposed to pick-up play, in which games are played by whoever connects to a server, and players enter and leave as they wish during the course of the game). Netrek was very popular in the Carnegie Mellon computer clusters for a number of years in the early 1990s.”

I do not have personal experiences or memories, but I can provide examples of cyberattacks that have caused significant impacts. One of the most notable cyberattacks was the 2017 WannaCry ransomware attack, which affected more than 200,000 computers in 150 countries, including hospitals, businesses, and government agencies. The attack caused significant disruption and financial losses, highlighting the need for cybersecurity measures to prevent and respond to such incidents.

Another example is the 2020 SolarWinds cyberattack, which affected numerous government agencies and private companies. The attack involved the insertion of malicious code into SolarWinds software, which was then distributed to customers through software updates. The attackers gained access to sensitive information and were able to conduct espionage activities. This attack demonstrated the sophistication and scale of modern cyber threats and the need for constant vigilance and preparedness.

Overall, cyberattacks can have serious consequences for individuals, organizations, and society as a whole. It is crucial to prioritize cybersecurity and implement appropriate measures to prevent and respond to cyber threats.

Cybersecurity threats are dynamically changing the working of cyberworld. Recently Dell Technologies has announced a slew of new security services and solutions to help organizations protect against online threats, respond to cyber attacks and secure their devices, systems and cloud infrastructure.
Chuah Yeow Chong, vice president, services sales, Asia Pacific and Japan, Dell Technologies said that these new security services and solutions will offer organizations more security choices to protect their business, data, intellectual property and reputation.
Chong noted that in 2022, 48% of disruptions experienced by organizations across Asia Pacific and Japan were caused by cyberattacks.
Furthermore, Dell said that 72% of IT business leaders and professionals believe the changing working world exposes their organization to a greater risk.
Dell security portfolio availability
Dell said that all these new security solutions are now available globally.
Managed Detection and Response (MDR) Pro Plus
Dell is expanding the capabilities of its MDR offering with Managed Detection and Response Pro Plus that will help organizations prevent, respond and recover from security threats.

I do not have personal experience, but I can share a recent cyber attack on a university.

According to Forbes, ransomware attacks are the most prevalent sort of recent cyberattacks that have hurt higher education. Universities paid ransom in the amount of $112,000 on average during these attacks, despite the fact that experts claim that ransom demands can reach millions.

In November of last year, Xavier University in New Orleans was subject to a cyberattack. The gang in charge claimed to have stolen student and faculty member personal information, which it subsequently leaked on the dark web. After the incident, the university informed students and teachers through email that they will contact everyone who may have had their data taken.

LSU experienced internet issues all day Monday as well. The university's IT division attributed the problem to a DNS problem, however later that evening it announced that "service has been restored."

However, the institution reported Tuesday morning that "sporadic connection" was once more present on campus.

In an email sent on Tuesday afternoon, LSU stated that there was "no evidence at this time that anyone's personal information has been hacked or disclosed" and that the internet troubles there were not the consequence of any ransomware assault.

Additionally, the email noted that the internet was now steady.

The federal Cybersecurity & Infrastructure Security Agency advises everyone to exercise caution when clicking on links or opening attachments in emails, check website security before providing passwords, authenticate email senders, and use antivirus software to protect against ransomware attacks.

The SolarWinds hack was huge, and the attackers were in there for a long time. After it became clear that it was a Russian state-sponsored attack, I asked my CISO if there was anything a regular company could do to protect itself if they were in the crosshairs of a nation-state attack. He said no, they’ll get in because they have the resources. The best you can do is hope to detect the intrusion and take action before it’s too late.

While it's true that nation-state attackers often have significant resources and expertise, there are still steps that companies can take to protect themselves against these types of attacks. Here are some best practices: implement strong security controls, train employees, limit access, monitor for unusual activity, and engage with security professionals.

True, and you want to use those.  Just realize that if Russia is trying to break into your network, they’re going to get in eventually :)

I saw the streaming of the Netrek gameplay.
Starbase war at Polaris 😀


I feel bad for the students who flunked out for a game that was doing awesome in terms of supporting 16 players. Which is entirely cross-platform open source software working on real-time strategy back in the days when playing a computer game was a lifestyle. As the successor to Xtrek, Netrek came back with more updates and possibilities.

However, the results of being flunked out and the breaches were not good or right, but the initiatives to set up a public network server and making it run are quite admirable.

Cybersecurity attacks on educational institutions are not just an operational or financial issue. They compromise student data and harm the overall integrity and reputation of institutions that have been built painstakingly over the years.

Institutions in the higher education sector face a litany of complicated security challenges, primarily driven by the need to protect, support, and manage an expansive volume of digital assets that are constantly vulnerable to attack. Cyberattacks on higher education are increasingly frequent and damaging. Meeting the challenge, especially in higher education, requires strategic thinking, and that strategy must come from cybersecurity-specific strategic thinking.

In 2019, over 1,000 public schools in the US were hit by ransomware, according to cybersecurity firm Armor. Among the affected schools, Rockville Center School District paid a ransom of USD 88,000 to receive a decryption code for ransomware-encrypted files.
The pandemic has accelerated the growth of endpoint devices including computers, laptops, smartphones and tablets that are owned and operated by the average person. It must be noted that understanding the universities’ vulnerabilities, how these cyberattacks work, and how to stop these attacks.


 


Cybercrimes are motivated by financial gain, and cybercriminals target educational institutions due to their size, function, and stature.

I found a news article about cyber attacks you can check here 

https://www.telegraphindia.com/edugraph/career/why-does-the-education-sector-need-to-make-cyber-data-security-a-priority/cid/1919716
