In recent years, the global landscape has witnessed a rising tide of cyberattacks on colleges and universities across the United States and the United Kingdom.
Ransomware attacks, data breaches, and malware incidents are increasingly common, threatening the integrity and security of institutions’ data and operations. There is a wise saying in Akan that goes like this: “If you see that your neighbor’s beard is on fire, put a cap of water beside yours”. This goes to say that these things are not isolated in nature; African universities can be attacked just like their British and American counterparts. These happenings serve as a stark reminder for African universities to prioritize cybersecurity.
The education sector has been a prime target for cybercriminals, and the United States has experienced a significant surge in attacks. Notable among these attacks is the NetWalker ransomware attack that hit Michigan State University in May 2020. The cybercriminals requested a ransom of $1 million, which the university refused to pay. The cause of this attack was the inability of the Physics IT department to install a virtual private network (VPN) patch.
Another university, which met a different fate, was the University of California, San Francisco, in June 2020. The university was also hit by the NetWalker ransomware; however, UCSF paid the ransom and received decryption software to unlock its data. They spent a whopping $1.14 million after a lengthy negotiation. While these institutions vary in size and location, they all share the common experience of cyberattacks, highlighting that every educational institution is at risk irrespective of size, location or status.
These incidents have had some devastating effects on the universities. These attacks have disrupted academic institutions, wreaked havoc on their operations, compromised sensitive data and, in some extreme cases, led to the closure of state universities. The consequences of these attacks are far-reaching. Beyond the immediate impacts like ransom payments and data breaches, some of the most severe incidents have resulted in class disruptions and, in a particularly alarming case, the complete closure of a college in Illinois. These attacks have also highlighted various vulnerabilities within educational institutions’ cybersecurity frameworks.
Amid these cybercrimes, important lessons have emerged that African universities can learn from to position themselves to withstand a cyberattack. Cyberattacks are not a question of if they happen, but of when they happen. As a student, lecturer or school executive, do you think your school will be ready to face these cybercriminals head-on? A robust cybersecurity program is the only logical solution to strengthening any institution’s digital security.
Developing a robust cybersecurity program would cost more money, human resources, and time. Still, it is essential to note that these costs cannot be compared to the devastating effects cyber-attacks have on educational institutions, their students and staff. A robust cybersecurity program should have four major components.
● The first component is the objective of securing the institution’s data.
This can be ensured using a centralized virtual private network for off-campus students and staff. This will provide a secure connection to the university’s resources to avoid cyberattacks such as man-in-the-middle attacks, which could lead to ransomware attacks. Educational institutions should also encrypt their data at rest and in transit to prevent sensitive information from being exposed to third parties, especially cybercriminals. All staff and students should use school-owned devices when accessing school online resources to ensure that no student or staff ignorantly gets onto the school’s network with a malware-infected device.
It is worth noting that securing data also involves educating the human resources that make up the school, be it students or staff. Regular cybersecurity awareness training and campaigns are critical! As an institution, you don’t have to wait till cybersecurity awareness month (October); students are trickling in all year round, and so must the awareness training and campaigns. When human resources are enlightened, they become aware of the information they should and should not give. This will help ensure that no sensitive information is given out due to ignorance.
● The second component is managing access to the system.
Managing access is integral to preventing cyberattacks. This is because every attack starts with a cybercriminal accessing a system they are not authorized to access. How can access be restricted? It can be limited through Identity and Access Management. This will help ensure that only authorized students and staff can access centralized resources. This can be enforced through a centralized multi-factor authentication system, which adds an extra layer of security to student and staff accounts so they cannot be impersonated to access the institution’s network and cyberspace. Restricting access to specific sites on the school’s network is another way to manage access. This will ensure that unsafe websites cannot be accessed, decreasing the spread of malware.
● The third component is detecting and monitoring threats.
One way this can be done effectively is by establishing a security operations center (SOC). A SOC’s sole purpose is to monitor threats and vulnerabilities that cybercriminals can exploit. Some African educational institutions think a team of cybersecurity professionals can suffice for a SOC. This is very wrong and needs to be corrected.
Establishing a fully furnished and equipped SOC is the only way to monitor and detect cyber threats before they happen. With a SOC, you can stop a threat actor or cybercriminal before they cause more havoc. While establishing a SOC might be highly costly, having a cybersecurity unit may be the next best option. It is essential to have cybersecurity experts who focus solely on securing the cyberspace of educational institutions.
● The fourth and last component is incident response.
An incident response plan details a complete set of procedures that need to be followed after an attack. It would interest you to know that more than 45% of educational institutions have outdated incident response plans. An incident response plan is crucial to a cybersecurity program for several reasons. In the event of a cybersecurity incident, time is of the essence. An incident response plan provides a structured and predefined set of procedures to follow when an incident occurs. This allows educational institutions to respond promptly and effectively, minimizing the impact and potential damage caused by the incident.
Incident response plans include procedures for preserving digital evidence related to the incident. This is crucial for conducting a thorough investigation to understand the nature of the attack, identify vulnerabilities, and, if necessary, take legal action against the perpetrators. Preserving evidence is also essential for regulatory compliance and reporting requirements.
By heeding the lessons learned from these incidents, African universities can take proactive steps to ensure the security of their digital assets and uphold the trust placed in them by their students, staff and stakeholders. The time to act is now, and it starts with recognizing the situation’s urgency and implementing robust cybersecurity measures to protect against the ever-present cyber threats.
Article by: Theresa Asiedu Gyamfi | univers.ug.edu.gh