Cybersecurity remains an important topic in today’s digital world, where the variety and severity of cyberattacks continues to grow. Without a holistic security strategy, many organizations could face costly repercussions if an attack occurs. Like many experts in the field, Dr. Dawn Dunkerley, Edge’s Principal Virtual Chief Information Security Officer (vCISO), says recognizing the inevitability of a cyberattack is essential. “Unfortunately, bad things are going to happen, whether the threat is ransomware or a data breach. In addition to attacks, we must also be wary of poor user behaviors. Organizations must get ahead of these threats by building a structure that allows them to respond effectively and efficiently. Planning and preparing ahead of time is vitally important and involves reviewing the incident response plan and understanding everyone’s roles and responsibilities, both inside and outside the IT department.”
Dr. Dunkerley has been working with Edge for two years, providing vCISO services and conducting Cybersecurity Health Checks for higher education institutions, K-12 schools and districts, healthcare organizations, municipal governments, and nonprofit organizations. “Edge’s vCISO services provide a cost-effective way to gain support and a roadmap towards cybersecurity maturity,” says Dr. Dunkerley. “One of the major challenges organizations face in the education community is retaining trained, qualified personnel. Edge can help fill that gap and augment an organization’s staff. As a vCISO, I aim to be an affordable, high-quality resource that member institutions can rely upon. I have a variety of roles, including helping with documentation, conducting webinars and lunch and learns, providing training and guidance to junior security team members, assessing vulnerability management strategies, and sharing the latest threats and emerging trends in the marketplace.”
Protection from Cyberattacks
While the pandemic drove transformation across many fronts, including digital learning, changes to the threat landscape evolved too. The rapid shift to remote work and learning quickly revealed many organization’s weaknesses and left them vulnerable to possible threats. “We continue to see a prevalence of ransomware, with groups who are specifically targeting the education sector,” says Dr. Dunkerley. “Previously, if you got ransomware, they would hold you at ransom, but hopefully you would get your systems unlocked. Now, we’re seeing that while you’re locked up, they breach your data as well. The attacks are going to continue to grow, evolve, and change. Organizations must remain agile and employ a layered security solution to try and stay one step ahead of potential attackers.”
To create a proactive cybersecurity strategy, an organization must consider both the internet and the World Wide Web. “The web is the pages you interact with while online or the human interface, and the internet is the network of connected computers,” explains Dr. Dunkerley. “There is no silver bullet that is going to fix everything, meaning that one security tool that works to protect from attacks on your actual network is not the same that protects your web servers. You must employ a defense in depth approach, which is a layered defense that incorporates improving human behaviors, technology, and processes. All of these three things have to be in place to protect the web presence, as well as the underlying network and associated data resources.”
When considering cybersecurity, organizations must also be aware of the dark web, the hidden collective of internet sites that are only accessible by a specialized web browser. “The dark web is where many bad actors post the data they’ve breached from organizations, including usernames and passwords,” says Dr. Dunkerley. “Your dark web footprint can be indicative of problems in your system and is an important component of lowering your vulnerability. Edge can conduct dark web vulnerability scans and help implement best practices, so if passwords are ever stolen, the risk is more contained. Mitigation tactics include using different passwords across multiple websites, conducting password resets, and instituting multi-factor authentication measures.”
Edge begins all initial security assessments by helping an organization understand their current level of maturity and determine security readiness. “We help build a work plan that incorporates best practices and helps fill any gaps,” explains Dr. Dunkerley. “This assessment also provides a unique external look from an attacker’s perspective and identifies current risk levels. We must remember that being compliant with a framework does not mean you’re secure. Managing cybersecurity goes beyond IT; cyber risk management is an organizational-wide concern.”
“Cybersecurity is continuing to gain attention in leadership outside of the IT department, from university presidents to town mayors,” Dr. Dunkerley continues. “They understand that their organizations are dependent on their information systems and data, and there are ramifications if they don’t pay attention to cybersecurity. Managing cybersecurity is not just an IT risk, managing threats is a business risk, and by getting cybersecurity out of the IT shop and into the larger discussion, you can equip your people properly and promote positive behaviors across the students, faculty, and staff.”
“Cybersecurity is continuing to gain attention in leadership outside of the IT department, from university presidents to town mayors. They understand that their organizations are dependent on their information systems and data, and there are ramifications if they don’t pay attention to cybersecurity. Managing cybersecurity is not just an IT risk, managing threats is a business risk, and by getting cybersecurity out of the IT shop and into the larger discussion, you can equip your people properly and promote positive behaviors across the students, faculty, and staff.”
— Dr. Dawn Dunkerley
Principal Virtual Chief Information Security Officer (vCISO), Edge
Optimizing Cybersecurity Insurance
As the risk of cyberattacks continues to rise, cybersecurity insurance is designed to help reduce the financial ramifications of cyber incidents and offers organizations a way to mitigate the losses from network damage, data breaches, malware, and overall business interruption. “We’ve seen the cost of cybersecurity insurance increase exponentially, while coverage goes down” says Dr. Dunkerley. “In addition, if an institution had an incident in the past, some are now facing a reduction or elimination of coverage because their current provider labels them too large a risk. Through my experience working with schools both large and small, I’ve gained a good understanding of what factors providers are looking for when determining if an organization is worth the risk.”
While exploring an organization’s current security profile, providers will look at perimeter protection, which includes identifying the traffic coming and going from the network and determining if proper controls are in place, like multi-factor authentication. “When assessing security strategies, the people, process, and technology framework is applied,” explains Dr. Dunkerley. “For the people component, this includes training programs, phishing testing, and general testing to determine if the team understands their role and responsibilities. Processes include whether an organization has up-to-date incident response plans; do they know what protocol to follow and who to contact in a time of crisis? Lastly, do you have the necessary technology? Edge continues to align our market portfolio to ensure our technology solutions match provider’s requirements. While an organization can never be completely secure, Edge can help them optimize their cybersecurity insurance.”
Institution-Wide Responsibility of Cybersecurity
As we head out of 2021 and into the future, periodically assessing network security is a crucial part of an organization’s cybersecurity plan. The Edge team’s in-depth knowledge of technology and security techniques helps to proactively identify and prevent potential risks that may adversely impact an organization. “I’ve never encountered an Edge member institution that wasn’t concerned about their data and systems, but creating an effective cybersecurity strategy can feel overwhelming,” shares Dr. Dunkerley. “Important questions to ask yourself are: do you know your current cybersecurity maturity? Are you aware of the best practices that should be incorporated, like regulatory, framework, or insurance requirements? Do you know where you need to be and how to accomplish that goal? Leaders outside of the IT space, including a president or business administrator, must also be aware of the procedures for tracking risk associated with the institution’s cybersecurity. Ensuring that an organization can operate safely and securely is an institution-wide responsibility. Edge can help create a comprehensive strategy that connects the dots between security and business, identifies the risks, and remediates new vulnerabilities as they arise. Depending on an organization’s goals and current security profile, we can recommend cost-effective solutions, provide the team with insight into improving security, and through regular monitoring and reporting, we help an institution to take proactive control of their cybersecurity needs.”
The least costly breach is the one that never happens. Edge can help improve your cyber defenses quickly and affordably Learn how at njedge.net/solutions-overview/cybersecurity.
