Ensuring Comprehensive Enterprise Security
As digital transformation, also referred to as Dx, continues to gain momentum across many industries, so does the rise of data breaches and cyber attacks. Add to this the swift pandemic-induced move to widespread remote learning and remote work, and many organizations were left highly vulnerable to cyber threats. Since COVID-19, the US Federal Bureau of Investigation (FBI) has reported a 300-percent increase in reported cybercrimes.[1] Research has also revealed that 43 percent of breaches are attacks on web applications—double the 2019 figure—and 27 percent of malware incidents can be attributed to ransomware.[2] Unfortunately, without proper cybersecurity practices in place, many organizations become susceptible to attacks, often unknowingly.
In 2020, SolarWinds, a major US information technology firm, was the subject of a massive breach that compromised approximately 18,000 SolarWinds customers. SolarWinds works with Fortune 500 companies, top US telecoms and accounting firms, hundreds of universities and colleges globally, and all US military branches. Investigation into the breach found that cybercriminals had compromised SolarWinds’s Orion solution, which helps organizations manage their networks, servers, and networked endpoints. Cybersecurity experts believe that the cyber actor concealed malware inside an Orion software update. Once installed, the malicious code enabled the attacker to perform reconnaissance, elevate user privileges, move laterally into other environments, and compromise sensitive data.
Among cybercriminals’ top targets are institutes of higher education, due to the large amount of personally identifiable information (PII) and research data available, as well as the opportunity to hold data or websites for ransom. Just recently, the University of California (UC) fell victim to a nationwide cyber attack in which a ransomware group stole personal data from the University and from hundreds of other schools, companies, and government agencies. The attack targeted a third-party vendor service, Accellion, which the University uses to securely transfer files. The hackers responsible for the breach have been threatening to publish private information of staff members and students if payment is not received. The SolarWinds and UC incidents are grave reminders of the importance of data protection and risk assessment, especially when partnering with vendors through outsourcing for software services.
Designing Proactive and Preventative Strategies
Because they hold a massive amount of sensitive information about a large population of people, institutes of higher education often fall on a cyber criminal’s radar. Colleges and universities typically have open networks, providing their students with easy access to the apps and services they need. Plus, students and faculty are connected through multiple devices, creating increased opportunity for cyber attacks. Educational institutes often become low-hanging fruit for cyber actors because, with stretched budgets, investment in security is not always given top priority.
Nearly every institution outsources some activities, such as IT functionality, security, and software development, to an external service provider. Moving forward, educational institutions should focus on implementing procedures and policies that minimize the information accessed by or disclosed to third parties. Most importantly, every organization should create a comprehensive vendor security management process that pinpoints and closes gaps in its cybersecurity strategy. With this in mind, Edge works with its members to put cost-effective preventative measures into play and to help them assess, identify, remediate, prepare for, and recover from institutional cyber attacks.
EdgeDx Cybersecurity solutions are designed to help the member community improve their cyber defenses as quickly and affordably as possible. Edge can assist your organization by addressing vulnerabilities and mitigating risk through:
Assessment and Vulnerability Management
Monitoring, Alerting and Response
Phishing and Security Awareness Training
Multi-factor Authentication (MFA) & Access Management
Improving an Organization’s Security Posture
Previously known as EdgeSecure, the expanded EdgeDx Cybersecurity solution offers a full suite of enterprise security services and helps organizations accomplish their enterprise security, risk management, and compliance initiatives. Edge’s Cybersecurity practice spans the enterprise information technology domain from wide area networking to physical security practices, as well as social engineering and staff development, to harden an organization against all manner of security threats. Edge’s holistic security approach begins with a Cybersecurity Health Check to identify an organization’s vulnerabilities and to establish a measurement baseline. This assessment evaluates the maturity of an organization’s security program against industry standards and controls, identifies any gaps, and designs an incremental roadmap to improve the organization’s overall security posture. The assessment program involves interviewing staff and stakeholders, reviewing policies and procedures, determining risk appetite, identifying weaknesses, and providing detailed, actionable recommendations to improve the security program.
An essential component of identifying potentially dangerous interactions between member networks and known or unknown actors is observing and identifying verified patterns of malicious activity. As part of the Cybersecurity Health Check, Edge conducts an analysis using proprietary, specially negotiated data feeds gathered at the Tier 1 provider level, delivering a scope of visibility far beyond that obtained from a traditional NetFlow analysis. This service is available on a one-time basis as part of the assessment, or it can be provided monthly or bi-monthly on a subscription basis. The analysis details any observed patterns or causes for concern within the member’s selected IP range.
Depending on the specific activity an institution would like to explore, the report shows activity with IP addresses known by the cyber intelligence community to be malicious or controlled by harmful actors; unknown beaconing or malware traffic to or from dark-web hosts or relays; large data transfers; suspicious patterns of communications or events in data flows; traffic to or from inappropriate foreign network locations; or peculiar types of communications that would not be expected, such as traffic that could be disguising an external data breach.
In conjunction with the security assessment or by way of subscription services, an institution can also have a once-monthly scan conducted on the dark web. This scan provides a snapshot of the categorized risk associated with institutional data being sold or shared. The active monitoring also includes GitHub code repositories. GitHub hosts the source code for thousands of different products, including software being developed within a research lab or other university resource. The dark web analysis also monitors those source code repositories to ensure they don’t contain information about the institution that can be exploited, such as plain-text passwords.
Identifying and Overcoming Vulnerabilities
Edge will also conduct an assessment of vulnerabilities in current systems, including public- and private-facing servers, network devices, and workstations. Edge’s Cybersecurity team uses Qualys, one of the leading providers, to perform these scans, and provides a detailed report with a prioritized list of vulnerabilities, the affected devices, and recommendations to mitigate them. Another important component of the Cybersecurity assessment is searching the Internet for domains that are registered in bad faith using an organization’s name or intellectual property, or that infringe on its copyrights. With regard to physical security, Edge will review an institution’s physical and environmental protection policies to ensure that they address the purpose, scope, roles and responsibilities, executive commitment, and departmental coordination needed to create a physically secure environment for systems to operate in. Edge will also inspect annually the access to locations where sensitive systems operate, to ensure it is restricted to legitimate users. Additionally, an organization will be able to confirm that proper environmental controls are in place, including fire suppression, temperature, and humidity control.
Most institutions lack the resources to conduct 24/7 monitoring to discover and remediate network threats. Edge can act as an extension of an organization’s team to help monitor and respond to emergent threats around the clock, or provide subscription-based services tailored to an organization’s needs and current security profile. Since the least costly breach is the one that never happens, this robust suite of services provides an institution’s IT leaders with solutions for setting programmatic goals and improving security outcomes. With a comprehensive security plan in place, institutions can greatly reduce their vulnerability to cyber attacks, substantially mitigate the economic impact if a breach ever takes place, and make proactive, responsible decisions that continually improve cybersecurity within their organization.
Looking to improve your organization’s security posture and improve breach preparedness? Explore EdgeDx Cybersecurity services at njedge.net/solutions-overview/cybersecurity.
[1] FBI Urges Vigilance During COVID-19 Pandemic. April 2020.
[2] Verizon 2020 Data Breach Investigations Report. May 2020.