Shielding universities from ransomware with cloud backups

The number of ransomware attacks against universities doubled from 2019 to 2020, with the average cost standing at £322,709 (US$447,000)

Ransomware is the number one cybersecurity threat facing universities. Education institutions are now being routinely targeted, with the number of attacks against universities increasing by 100% from 2019 to 2020, and the average costs in ransomware payouts standing at £322,709 (US$447,000). The UK’s National Cyber Security Centre says it handled more than three times as many ransomware incidents in 2020 as in the previous year. Meanwhile, the Ransomware Task Force (RTF) submitted a report last month calling for “aggressive and urgent” action. Protecting data has never been more important for universities than now.

It’s not surprising that education is a highly targeted sector. University research labs contain a wealth of proprietary, confidential intellectual property data and, with more and more independently funded projects, it’s become more challenging for IT departments to maintain tight security. But if they’re innovative about adopting cloud technology, they will be able to keep ransomware operators at bay.

The changing role of the university IT department

The days of the university IT department having any semblance of control over what goes on at the level of individual labs and departments are pretty much over. When universities relied on central IT for computing resources, it was easier to deal with security issues. Now that there are hundreds of IT projects going on at universities that don’t necessarily have anything to do with the central IT department, it’s far more difficult to keep on top of them, and security can become an afterthought.


Parallel to this trend is the ‘marketplace’ among many research communities for sharing custom applications and software that can be run in the cloud. Over time it’s become commonplace for departments and faculty members to buy IT services on the web or piece together their own solutions, rather than deal with the university’s IT department. Universities, therefore, need to provide the infrastructure that allows faculty and students to develop and run the programs they need in a secure way, and that infrastructure increasingly consists of cloud compute resources and storage. 

Part of this involves university IT departments repositioning their role – they need to act less like gatekeepers and more like managed service providers. Most organisations employ third-party firms to help them set up networks, provision compute resources, or recommend and implement software, and universities should follow suit. This transition should involve them moving away from on-premises data storage and towards the cloud. 

Accounting for human nature

Something that will always be true is that ransomware infections, more often than not, occur because of user error or carelessness. People are human and they make mistakes. They fall for scams, they get tricked into giving out their credentials, or they get tricked into clicking on and installing malware. Most of the security industry focuses on intrusion prevention and detection. But it’s a losing battle because the vulnerabilities are not just technical – they depend on people never making a mistake. And that’s not likely to ever be the case.

So rather than obsessing over the latest firewall technology or intrusion detection software, it’s often better just to have everything fully backed up. Restoring data is one thing, but in many cases the only way to get rid of ransomware is to wipe the computer’s disks and start afresh. That means IT teams have to reinstall operating systems and other foundational software, plus all of the applications in order to restore the data. It’s also essential for teams to practise the restoration process and frequently test it to further prepare before ransomware hits. 

Backing up data in the cloud 

In the event of a ransomware attack, universities need to be back on their feet in a matter of minutes, rather than days. Cloud data centres are online and staffed at all times, offering fast restoration times and an extra, independent layer of security by way of constant on-site surveillance and the latest security protocols. The always-on nature of data stored in the cloud means that organisations can still get immediate access to their data, while getting optimal protection. It’s also essential to practise the restoration process and test it frequently to further prepare before ransomware hits.


The best way to keep ransomware operators at bay is to have redundancy and resilience built in, which means it’s necessary to have multiple backups of data in the cloud. The industry-favoured ‘3-2-1’ backup strategy is highly recommended – this sees organisations keeping three copies of data, with two on different media formats, and one of those off-site. This method allows for operational continuity in the event of an attack.

However, data in the cloud can still be affected by ransomware and some operators will try to extort money from organisations by targeting cloud backups. In these instances, attacks are often started on-premises (by way of an infected USB flash drive, attached file, URL download, or other means) and uploaded to the cloud through a backup. In some cases, cybercriminals can access the networks of victims via exposed remote desktop services, gain access to their cloud credentials, and then proceed to delete their cloud backups, before deploying the ransomware.

To ensure that the air gap between active data and the backup copy is secured, universities need to embrace ‘immutable’ storage capabilities from their cloud provider. Immutable means that any data written to that bucket (the container holding the data) cannot be deleted or altered by anyone, not even a systems administrator, during a specified retention lifetime. Buckets can also be configured to delete the data automatically after that retention period has elapsed. This helps blunt ransomware attacks, which typically work by encrypting the data and making it accessible only by purchasing a key from the attacker: a backup copy that cannot be altered or deleted remains available to restore from.
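
As an added example (not from the original article or any provider's documentation), the following check audits a backup bucket's immutability settings offline. It assumes an S3-compatible provider that exposes Object Lock; the bucket names, sample configurations and the 30-day minimum are constructed for illustration.

```python
# Added example: offline audit of an S3-style Object Lock configuration.
# Dict shapes follow the S3 GetObjectLockConfiguration and
# GetBucketVersioning responses; all sample values are constructed.

def retention_days(rule):
    """Convert a DefaultRetention rule (Days or Years) to days."""
    if "Days" in rule:
        return rule["Days"]
    return rule.get("Years", 0) * 365

def audit_backup_bucket(lock_cfg, versioning, min_days):
    """Return findings; an empty list means new backups are locked against
    change or deletion, by any account, for at least min_days."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    cfg = lock_cfg.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return findings + ["object lock is not enabled"]
    rule = cfg.get("Rule", {}).get("DefaultRetention")
    if not rule:
        return findings + ["no default retention on the bucket"]
    if rule.get("Mode") != "COMPLIANCE":
        # GOVERNANCE retention can be lifted by accounts holding the
        # bypass permission, so stolen admin credentials defeat it.
        findings.append("mode is %s, not COMPLIANCE" % rule.get("Mode"))
    if retention_days(rule) < min_days:
        findings.append("retention is shorter than %d days" % min_days)
    return findings

def lock(mode, days):
    """Build a constructed sample lock configuration."""
    return {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": mode, "Days": days}}}}

# Constructed sample buckets: (lock configuration, versioning state).
SAMPLES = {
    "lab-backups-a": (lock("COMPLIANCE", 30), {"Status": "Enabled"}),
    "lab-backups-b": (lock("GOVERNANCE", 7), {"Status": "Enabled"}),
    "lab-backups-c": ({}, {"Status": "Suspended"}),
}

def audit_all(min_days=30):
    return {name: audit_backup_bucket(cfg, ver, min_days)
            for name, (cfg, ver) in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

A bucket with no default retention can still hold locked objects if every upload sets its own retention, so a finding there means the backup job's settings need checking as well.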

The threat of ransomware attacks is one universities will likely be dealing with for the foreseeable future, so it’s critical that IT departments are prepared for such eventualities. Part of the solution will involve IT departments transitioning into more of a service provider role, by outsourcing their IT and storage needs to cloud providers who can keep their data safe and secure at an affordable price. The move to the cloud may seem inevitable, but it will be a pivotal step for the industry in guarding against future cyber-threats.

