Data Hygiene Paves Path to High-Risk Problem-Solving

Higher education IT organizations must address increasingly complex and urgent information security issues. During a panel discussion at EdTech Talks 2022, hosted by Carahsoft, Doug Thompson, director of technical solutions engineering and chief education architect at Tanium, answered questions from a panel of technology leaders about some of the challenges facing educational institutions today.

We keep hearing more and more about institutions being hit with ransomware. What is the latest advice on how to respond to a ransomware attack? Do institutional security response plans need to change to keep up with the current trends?

Responding to ransomware is very much like responding to a breach. You want to isolate it—put it on an island and prevent it from spreading. The initial reaction I hear from a lot of people is, "Hey, we're just going to turn the server off and delete the malware. We're going to try to use our backups that are still on-premises, but they are getting infected, too."

It reminds me of when backups were done on tapes and shipped off site. Organizations did that in case there was a fire. Well, this is a fire—a digital fire that's coming. You need to have those things backed up and assume you will get ransomware. Work through those tabletop exercises so you know what you will do in case of a ransomware attack and the response is automatic—you don't have to think about it. The urgency and the speed at which you can find and remediate ransomware is the key to minimizing the damage.

The move to remote, hybrid, or flexible models of work and learning has blurred the borders of networks. What are some key considerations?

Educational institutions learned a lot when the coronavirus pandemic hit. They enabled remote learning, and security was a secondary concern. And now they've had time to digest and work security back in. Institutions have to identify the critical things, the crown jewels of what they have (research data, student information, etc.), and harden the area around them. The fundamental question is, where are all the endpoints? Where are they at any given time? Being remote on VPN limits what one can do, as the security borders of the network are blurred. For example, if I'm at Starbucks, I'm connecting into the network through the VPN. This opens the floodgates and security vulnerabilities where one can infect the institutions' entire network. Having visibility into all the institutions' endpoints and being able to have a conversation with those endpoints, to maximize security protocols and protect data at any given moment, is a top priority.

The cybersecurity landscape is changing at such a rapid pace. Institutions are being denied premiums, and insurance companies are adding more restrictions and limiting their payouts for certain types of losses. What needs to change for higher education institutions to keep up with new and ever-changing threats?

Automation! Educational institutions simply don't have enough people to stay on top of it anymore. A lot of breaches are exploits that there are patches for. But IT staff can't deploy patches on a timely basis because they have eighty-five other things to do. So how can some things be automated so patches can be installed and, more importantly, IT staff can confirm that machines were rebooted. I've seen cases where over three-fourths of the machines required a reboot, which means they were not patched. IT staff thought they were patched, but because the machines needed to be rebooted, they weren't. Simple hygiene like that will save staff members a lot of blocking and tackling. Then they can focus on the higher-risk things that require human intelligence to get done.

Doug Thompson is Director of Technical Solutions Engineering and Chief Education Architect at Tanium.