We all know that university students are high-risk users. They’re tech savvy, often know more than their IT department, and are generally unconcerned about the security and wellbeing of their university’s IT system. When you combine those users with networks that represent a repository of so many types of valuable data — like personal information on teachers, staff, and students along with payment information and health records — universities understandably become a top target for financially-motivated cybercriminals.
Which might go some way to explaining why the education sector has the highest rate of ransomware of all industries. In fact, educational organisations experience over three times as many ransomware attacks as those in healthcare, and more than ten times as many as those in finance. Students are happy clickers and all it takes is one student to click on an insecure link in a phishing email for ransomware to find its way in.
But what can you do about it? No solution should force students to change their behaviour because they’ll simply try to circumvent it. So as part of any cyber defence strategy, universities should now make logon management a top priority for 2018.
Logons — the common denominator in all attacks
The act of logging into a system is present in all internal and external attacks on school and university networks — whether it’s a student hacking into systems using a teacher’s stolen password, or a teacher up to no good, or even an external attacker using stolen credentials. So, while the usual endpoint security and next-gen anti-virus efforts are important to mitigating these risks, employing logon management techniques proves much more effective at getting to the root of the problem.
Logon management provides the earliest of warning signs of attacks, which means you can stop those attacks before they even happen. Unlike traditional security that waits for an attacker to perform some kind of inappropriate action, such as attempting to access sensitive data or making copies to a USB stick, logon management identifies a potential attack at the time of the login — well before any would-be attacker has a chance to access sensitive data.
Logon management also limits false positives. With so many users logging on — and at just about any time of the day in universities — it’s critical that the IT department is certain that any given attack is real. By configuring logon management “rules” based on what is normal login behaviour, IT administrators can receive instant alerts when a logon looks particularly suspicious. For example, if a student gets hold of a teacher’s credentials and tries to log on on a Saturday at 3am, chances are that’s a security breach — and the IT department needs to know about it.
As an added bonus, if you deploy logon management techniques you don’t have to train all your students or change their behaviour.
How logon management works
The concept of logon management centres around four primary functions — all working together to maintain a secure environment.
The first function is policy. Policy establishes who can log on when, from where, for how long, how often, and how frequently. It can also limit specific combinations of logon types (such as console- and RDP-based logons) and users. The second function is monitoring. Being aware of every single logon as it occurs serves as the basis for enforcing policy, alerting, reporting, and more. Alerting forms the third and key pillar of logon management, whereby IT admins and relevant users receive automatic and near-instant alerts to any inappropriate or suspicious logon activity. Finally, response enables the IT department to interact with a suspect session, to lock the console, log out the user, or even block them from further logons — before any damage is done.
The key to getting each of these pillars to work, and to work together, is technology. No IT team has the resources to do it manually. But with an effective logon management solution in place, IT teams can secure their entire network against ransomware and unauthorised access to data, giving students the utmost protection.
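The four functions described above can be seen in a small rule evaluator run over logon events. This is an added example, not code from IS Decisions or any product; the role names, host prefixes, policy values, concurrent-session limit and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Policy:                 # hypothetical per-role rule set
    days: frozenset           # permitted weekdays, Monday = 0
    hours: range              # permitted local hours
    hosts: tuple              # permitted workstation name prefixes
    logon_types: frozenset    # permitted logon types
    max_sessions: int         # assumed limit on simultaneous sessions

# Assumed policies: teachers on staff machines during the working week,
# students on lab and library machines, console logons only.
POLICIES = {
    "teacher": Policy(frozenset(range(5)), range(7, 20), ("STAFF-",),
                      frozenset({"console", "rdp"}), 2),
    "student": Policy(frozenset(range(7)), range(6, 24), ("LAB-", "LIB-"),
                      frozenset({"console"}), 1),
}

def evaluate(event, open_sessions):
    """Policy: return the violations for one logon event (empty list = allow)."""
    p, ts, reasons = POLICIES[event["role"]], datetime.fromisoformat(event["time"]), []
    if ts.weekday() not in p.days or ts.hour not in p.hours:
        reasons.append("outside permitted hours")
    if not event["host"].startswith(p.hosts):
        reasons.append("workstation not permitted")
    if event["type"] not in p.logon_types:
        reasons.append("logon type not permitted")
    if open_sessions.get(event["user"], 0) >= p.max_sessions:
        reasons.append("concurrent session limit reached")
    return reasons

def monitor(events):
    """Monitoring, alerting, response: check every logon; block and alert on a violation."""
    open_sessions, alerts = {}, []   # logoff events are not modelled here
    for ev in events:
        reasons = evaluate(ev, open_sessions)
        if reasons:
            alerts.append((ev["user"], ev["time"], reasons))  # logon is refused
        else:
            open_sessions[ev["user"]] = open_sessions.get(ev["user"], 0) + 1
    return alerts

# Constructed sample events (2018-03-10 is a Saturday).
EVENTS = [
    {"user": "t.jones", "role": "teacher", "time": "2018-03-09T08:55:00", "host": "STAFF-014", "type": "console"},
    {"user": "t.jones", "role": "teacher", "time": "2018-03-10T03:02:00", "host": "LAB-221", "type": "rdp"},
    {"user": "s.lee", "role": "student", "time": "2018-03-12T10:00:00", "host": "LAB-101", "type": "console"},
    {"user": "s.lee", "role": "student", "time": "2018-03-12T10:05:00", "host": "LIB-007", "type": "console"},
]
```

The Saturday 3am logon with the teacher's account from a lab machine is flagged on two independent rules, which is what keeps a single noisy rule from being the only signal.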
To find out more about how logon management can help schools and universities better protect students and networks, read the case for logon management in education white paper by IS Decisions.