
Higher Education and Cybersecurity

“Back to School” season is in full swing! As students, educators, and administrators return to their respective institutions, it’s worth knowing that the prioritization of cybersecurity is just as crucial to the higher education space as it is to other industries.

In recent years, colleges and universities have increasingly found themselves the targets of cyber criminals. According to a recent survey, 53% of higher education organizations suffered a cyber attack, up from 44% the year before. The complexity and impact of these cyber attacks have also increased by 50%. (Sophos) https://assets.sophos.com/X24WTUEQ/at/pgvqxjrfq4kf7njrncc7b9jp/sophos-state-of-ransomware-education-2022-wp.pdf

Successful cyber attacks have forced institutions to halt research programs, recover hacked student or employee data, pay ransom fees to recover stolen data or stop malware from infecting their entire system. In some rare cases, some institutions have had to close their doors entirely due to a damaging and costly cyber-attack.

With that in mind, we will explore specific ways higher education institutions experience cyber crime and how they can strengthen their overall digital security.

Most Common Cyber Crimes Faced by Higher Education Institutions

Colleges and universities are popular targets for cybercriminals. These organizations, especially large universities, contain extremely valuable data across various departments and branches.

The most valuable data hackers seek to either steal or ransom are research data, student/employee data, and financial data.

Research data is often the most sought-after and potentially most lucrative data for cyber criminals. Many universities are engaged in sensitive research projects that can lead to healthcare, technology, and policy breakthroughs. A recent survey found that 74% of universities have had to halt valuable research projects due to a cyberattack.

Hackers will try to steal data that they can sell to a third-party, including to another government, or they will “lock” the data and demand a ransom for its release. In 2020, the University of California – San Francisco paid a cyber gang over $1 million for the return of data being used to create a Covid-19 vaccine. https://www.bbc.com/news/technology-53214783

Student and employee data is another prime target. This data is especially popular to steal as criminals then sell the data. They may also conduct cyber attacks on students’ or employees’ private accounts in the hopes they can use the same credentials across platforms. The FBI recently warned colleges and universities that stolen student and employee data is being sold on the dark web. https://thecollegepost.com/stolen-university-information-forum/

Financial data is also a popular target. This includes customer transaction records, membership information, enrollment figures, and more. The impact can be devastating when a university discovers this kind of data has either been stolen or compromised.

That is what happened to Lincoln College, a historically Black institution in Illinois, which had to close after 157 years of operation. The cyber attack prevented the school from accessing the recruitment, retention, and fundraising data it needed to continue operations. https://thecollegepost.com/lincoln-college-permanently-closes/

Challenges Facing Higher Education Cyber Security

Even if a higher education institution has a robust digital security plan in place, the very collaborative nature of the education environment poses its own challenges.

Whether they work or study at the same or different universities, students and educators are open to sharing data and information with colleagues and peers at other institutions. This can make it challenging to ensure data is kept secure when openness and collaboration are encouraged.

Even if a university mandates specific processes when accessing data, there are no guarantees that university professionals and faculty will adhere to those processes. Some university professionals, by nature, often distrust system-wide rules and prefer to do things, like accessing data, on their own terms. https://talion.net/blog/6-unique-cyber-security-challenges-in-higher-education/

Finally, many schools have limited cyber security budgets. Despite the growing reliance on digital data, institutions often relegate cyber security to the IT budget, so it is not treated as a priority for the organization as a whole. That view is changing, though, in some states. Recently, California planned to allocate $100 million to improve its community colleges’ cybersecurity.

Ways to Improve Higher Education Cyber Security

Here are some suggestions to help institutions improve their digital security.

Conduct Regular Security Assessments: With institutions and campuses often having a wide range of technology available on site, it creates a broader field for hackers to target. Higher education IT leaders should work with internal teams and external vendors to determine what weak points exist in their networks.

Adopt a Threat Hunting Philosophy: Thinking that an organization’s system is secure because nothing overtly wrong is happening leads to a false sense of security. Instead, cyber security teams should work as if their system is already compromised and seek out the potential harmful activity. Being actively engaged will help sharpen the cyber teams’ skills and prepare them and their networks for the next large-scale attack.

Reinforce Endpoint Security Mechanisms: More students, teachers, and employees are either studying or working remotely. That can result in sensitive university data being accessed on a less secure personal computer or device. Advanced endpoint protection technologies can monitor for potential threats, both internal and external, and defend against attacks wherever they occur. https://edtechmagazine.com/higher/article/2021/09/proactive-approach-avoiding-zero-day-attacks-higher-education

With higher education institutions facing cyber attacks almost daily, each organization must frequently assess its current digital strategy and take a proactive approach to monitor and stop future attacks. Doing so will ensure that the institution will maintain a safe and vibrant learning environment for students and teachers.

Does your school or institution need guidance or additional support for cybersecurity? Reach out to J5 Consulting and connect with our team of IT experts.

Cybersecurity Essentials and Best Practices for Small Businesses

As small business owners and entrepreneurs seek to grow their businesses, the list of challenges can seem insurmountable. Accounting, inventory, taxes, and hiring employees are often the highest priorities to address, yet cybersecurity is just as important.

In reality, many small businesses don’t think of themselves as a target for cybercrime. Criminals and bad actors normally target large corporations and government agencies; however, small businesses are an easier mark for crimes such as ransomware and network takeovers. Many smaller companies suffer from an infrastructure that does not allow them to practice essential cybersecurity techniques or develop a security plan to ensure their equipment and networks are protected. In fact, according to the U.S. Government’s Ransomware Task Force, in 2021, businesses with fewer than 500 employees were hit by 70 percent of the attacks in that year. https://wamu.org/story/22/08/12/what-experts-think-companies-should-do-when-ransomware-strikes/

The Cybersecurity and Infrastructure Security Agency (CISA) recently released guidelines for small businesses with specific tasks for company owners, IT leads, and security program managers. We will explore these recommendations and their relevance to today’s small business owners.

The CEO’s Role in Cybersecurity

Cyber security starts at the top with the company’s owner or CEO. It’s up to each leader to offer clear directives to employees, IT, and the security team to mitigate cybersecurity risk.

Establishing a Culture of Security: Just as a deliberately built company culture benefits everyone, so does a culture of cyber security. It’s important to establish that everyone on staff, not just the IT team, must take responsibility. CEOs should always communicate critical security updates when necessary and encourage open conversations on potential risks. Also, CEOs should set quarterly security goals with the leadership team and their respective departments. Finally, CEOs should keep on top of recent trends and potential threats and be prepared to enlist a seasoned IT consultant to assist.

Create a Security Program Manager Role: Designate someone on the team as a “Security Program Manager” to oversee the implementation and execution of cyber security initiatives and protocols. This individual does not necessarily need to be an IT professional but someone competent to manage the process and give the CEO timely updates.

Support the IT Team: If a company is large enough to have an IT manager or even an IT team, the CEO needs to empower them by example. CEOs should not rely on IT alone to ensure all staff employ best practices. For example, suppose all employees must use Multi-Factor Authentication (MFA) to secure their accounts. In that case, the CEO should drive the communication on that requirement to ensure that all employees are aware of it. This will ensure that the CEO is the one driving the culture of security in the organization.

IT Lead and Security Program Manager Role in Cybersecurity

Depending on the size of the company, a small business might have a dedicated IT lead, Security Program Manager, or someone on staff who oversees or shares the duties of these roles with others. Below are some critical tasks and responsibilities that they should be aware of.

Write and Manage the Incident Response Plan (IRP): The IRP documents all the necessary actions an organization needs to take before, during, and after any potential cyber incident. It outlines key roles and responsibilities and gives a detailed course of action should the company’s network or data be affected. CISA recently posted this guide on how to create a company IRP. https://www.cisa.gov/sites/default/files/publications/Incident-Response-Plan-Basics_508c.pdf

Host Tabletop Exercises: These drills or scenarios are a great way to test a company’s cybersecurity response. A leader presents a scenario to the team, for example, someone’s laptop gets locked by ransomware, and asks how staff would respond. Lessons learned from the exercise should be used to update the Incident Response Plan.

Ensure Software Updates and Equipment Encryption: Double check that all equipment runs the latest software with security patches applied as needed. Also, remove administrator access on software for those employees who don’t need it. Many software hacks occur when a bad actor can get someone to download malicious software without approval from the IT lead or Security Program Manager.

Staff and Employees’ Role in Cybersecurity

Finally, a company’s first line of cyber defense is often its staff engaged in daily activity for the company. While security software might be running in the background, employees staying vigilant and using common sense can be the best defense.

Secure Endpoints: With so many employees working from home, or another location, while using company equipment, the “attack surface” increases. An “attack surface” is all the possible vulnerable points of entry for a malicious actor to access. Any unsecured desktop computer, laptop, phone, or USB device is a potential target. All staff must be able to secure their devices based on the company’s security protocols. https://www.techtarget.com/whatis/definition/attack-surface

Empower Employees to Speak Up: In creating a culture of security, it’s also essential to let employees know they are welcome to share their thoughts or even experiences of phishing or other cyber attacks. Employees, as long as they are not acting with malicious intent themselves, should not be made to feel guilty if they are the recipient of a cyber attack that impacts the company. They should also be encouraged to be vigilant and report even the slightest hint of a bad actor to the appropriate team member.

Train Employees on Cyber Security: Keeping staff updated on the latest cyber security practices and trends is often an excellent first line of defense. Consider bringing in an experienced IT consultant that can provide training and expertise in this area.

Cybersecurity can no longer be viewed as a problem faced only by large companies or organizations. No matter a company’s size, everyone must be vigilant and proactive by staying up to date on best practices and practicing proper cyber hygiene to keep everyone’s equipment and networks safe and secure.

Does your small business need guidance or additional support for cybersecurity? Reach out to J5 Consulting and connect with our team of IT experts.

How the Energy Industry Can Improve Its Response to Cyber Threats

Energy impacts everyone in the world. Without uninterrupted access to power, today’s economy and society would come to almost a complete halt. Yet, the current energy industry in the United States, by and large, relies on a fragmented network that is still vulnerable to attacks and disruptions, both from nature and by man.

Last year’s Colonial Pipeline cyberattack is a prime example. Russian hackers effectively infiltrated the company’s oil pipeline system through a single compromised password and username found on an unsecured virtual private network (VPN). The company paid the hackers over $4.4 million to restore their system, but not before it caused widespread delays across the East Coast. The attack is still the most significant cyberattack impacting the oil industry on U.S. soil.

Another attack like the one on Colonial Pipeline is likely soon, and could be even larger. With this in mind, we’ll explore the current energy cybersecurity landscape and offer recommendations for improvement.

Energy Security Must Focus on Changing Consumers and Technology

For a long time, the energy industry felt that it could effectively and quickly respond to a cyberattack due to security personnel being on-site to monitor for, and respond to, an incoming attack. Also, in the past, many of these attacks were typically malware in origin and focused on the top level of a company’s IT system. But, as hackers become more sophisticated in their techniques, more attacks are now starting at the lower levels of a company’s system, passing from network to network, and taking months, not days, to slowly infect a company’s system with harmful effects. This means a company may not be immediately aware that an attack is happening until it’s too late. https://www.securitymagazine.com/articles/97984-evolving-cybersecurity-to-protect-todays-energy-network-architecture

Because of rapidly changing technology and consumer demand, the actual transfer of energy from point A to point B is also changing. The old model of huge physical facilities, including refineries and power plants, is shifting to smaller storage areas and decentralized facilities. Consumers also now want to buy, sell, and access energy more and more through technology, including on their mobile phones. Energy companies are spending more and more on technology to reduce costs and emissions. A 2017 report showed that investment in digital software in energy infrastructure increased 20 percent annually over the past four years. But, as the rapid adoption of technology grows, so does the potential threat of a cyberattack.

That growing threat is rapidly approaching. In April 2022, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the Department of Energy, issued a joint warning about potential disruptions to the U.S. energy industry from Russian agents and hackers as a result of the Ukraine conflict. While a full-scale attack has not happened yet, many security analysts believe that Russian, or other sympathetic, agents could be probing now for soft spots and vulnerabilities before making their move for a larger attack later this year.

Better Cyber Security Through Training, Partnership, and Technology

How can the energy industry respond to this impending threat? It will require a three-step approach of better partnership and communication from the private and public sectors, enhanced training of employees, including those not focused on IT, and better use of best practice security protocols and technology.

1. Cyber Security Training is a Must for All Employees

As a whole, the energy industry still needs to do a better job of training employees to detect and report potential cyberattacks. In a recent survey, less than a third (31%) of energy professionals said they could confidently recognize a potential threat and then take appropriate next steps for mitigation. https://pv-magazine-usa.com/2022/05/19/energy-sector-should-be-better-prepared-for-cyber-attacks-said-dnv/

The reality is that cyber security awareness, preparation, and action, can no longer be viewed as just “the IT department’s problem.” This is especially true since so many employees today work remotely and often rely on personal computers and internet networks for their daily work. Being informed and prepared also extends to how employees use their emails and even surf the internet for information related to the industry.

From 2011 to 2018, Russian agents conducted a multi-stage campaign against U.S. and international energy sector networks that gained access to several companies’ infrastructure control systems (ICS) and collected enterprise data.

This was done rather easily through:

That’s why all employees need to have up-to-date training on how to spot these types of attacks and prevent them from creating a real impact on the company.

2. Improve Private and Public Sector Partnerships

While the majority of energy companies and utilities are privately owned, the reality is both the private and public sectors must find ways to work better together to prevent the next major cyberattack.

“We truly are all in it together. Government can’t do it alone. Industry can’t do it alone,” Jen Easterly, CISA director, said at a recent conference focused on the electricity industry. “So it really has to be this collective cyber defense, all in the foxhole together on the frontlines.” https://dailyenergyinsider.com/infrastructure/35557-utilities-and-public-sector-partner-to-combat-cyber-threats/

One way both groups can work together better is through better information sharing on potential threats and mitigation techniques. CISA recently announced the creation of the Joint Cyber Defense Collaborative (JCDC). This new initiative allows the federal government and the private sector to better share real-time information through an evolving platform that focuses not only on communication but shifting the focus from reacting to an ongoing threat to more on planning and intercepting attacks before they happen.

As the federal government provides more tools to share information, the energy industry must also shift to not only providing that necessary information, but also doing it more frequently and more quickly. If a company is indeed attacked, there must not be the stigma attached to any admission of being compromised so long as the company alerts everyone promptly so that action can be taken.

Finally, the government must find ways to help streamline industry regulations and frameworks that can foster more open and candid communication between the public and private sectors.

This can include:

  • Creating a standard roadmap of cybersecurity best practices that companies of all sizes can apply.
  • Allowing select regulatory agency members to “speak off the record” with private companies to get candid information from them on real-time issues, without fear of regulatory retaliation.
  • Granting more private companies access to classified government information, as allowable, along with appropriate recently declassified reports on energy industry threats.

3. Make Cyber Security Technology a Priority

As energy companies focus on adding more technology to their systems, spending and implementing specific technology focused on cyber security is necessary.

With more employees working from anywhere, robust and secure network architecture should be a priority. Companies should enable a single point of control through approaches such as secure access service edge (SASE), which integrates security and networking solutions. These can include options such as firewall-as-a-service and zero trust network access (ZTNA). In addition, cloud delivery offers firms greater flexibility and a better opportunity to apply security protocols and consistent remote-work policies as needed.

In today’s hybrid and work-from-home environment, it’s not enough to just train employees on how to spot potential threats. Companies must also implement embedded security, including encryption and multi-factor authentication, in all technology, and the IT team must be able to update it regularly to add an additional layer of protection.

Finally, energy companies and providers must find ways to increase their budgets to keep up with the latest security technology. While companies will likely not want to pass on such costs to consumers to help pay for this, creative solutions should be found instead. This could also include federal, state, and local agencies offering tax incentives or even grants to facilitate technology improvements, especially for small companies with limited budgets.

As everyone depends on energy, the mantra of “let’s all work together” is key for this industry to prepare for and hopefully prevent the next cyberattack. This goal can be achieved through better partnerships, enhanced training, and enhanced technology.

Does your agency or organization need guidance or additional support for cybersecurity? Reach out to J5 Consulting and connect with our team of IT experts.

Common Cyber Security Missteps and Effective Mitigation Practices for Today’s Organizations

Cyber security must be a top priority for businesses in all industries today. While companies often focus on updating their protocols and keeping staff up-to-date on best practices, their IT systems can remain vulnerable to cyber or ransomware attacks. That’s due to companies having misconfigured systems, poor digital security, and insecure software.

Recently, CISA, the FBI, and National Security Agency (NSA), along with cybersecurity authorities from Canada, New Zealand, the Netherlands, and the United Kingdom released a to-do list and best practices for companies in the report – Weak Security Controls and Practices Routinely Exploited for Initial Access.

“Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system,” the joint advisory said.

With this in mind, we will explore these recommendations and how companies can apply them to their organizations.

Poor Security Practices Often Exploited by Cyber Criminals

Many companies are still employing hybrid workforces due to the recent pandemic. With employees using technology at home, often with insecure personal internet connections, cybercriminals have even more opportunities to launch sophisticated and potentially damaging attacks. Even if employees work on-site, many common missteps when setting up and maintaining an organization’s software and systems can still leave them vulnerable.

Here are some things to be aware of to prevent these kinds of attacks.

Multifactor authentication (MFA) not enforced: MFA secures data and applications by requiring users to present two or more credentials to verify their login. Even if one credential is compromised, an unauthorized user will not be able to meet the second requirement to gain access, which makes this a robust security measure for all users. Enforcing MFA, including with a thumbprint or a physical hardware key, will increase confidence within an organization that it is secure.

Using software or hardware with default security settings: New network software and devices often arrive packaged with pre-set passwords. These passwords, usually printed on the packaging, are designed to be easy to remember and activate. However, this simplicity makes it even easier for outside agents to access them. These default passwords are often readily available on the internet, including on the manufacturer’s website, and must be changed before using any new device or software for the first time.

Vulnerable remote services: Recently, threat actors are targeting remote services such as virtual private networks (VPN). These VPNs often lack sufficient controls to prevent unauthorized access. As a result, additional control mechanisms, including firewalls, MFA protocols, and detection systems that can identify unexpected activity are essential.

Weak passwords: Often, employees use weak or easy-to-remember passwords, such as “12345” or even “Password.” Cyber actors are very smart and can deploy various methods to exploit these weaknesses and gain unauthorized access. That’s why it’s essential to advise employees to not only use strong passwords, but also stress the need to update their passwords periodically, in case an organization’s system gets hacked and user passwords get shared on the “dark web.”

Misconfigured cloud services: Cloud services are often prime targets for cyber actors. This is primarily due to poor configurations and open ports exposed to the internet. Hackers often use scanning tools to detect open ports and find vulnerable entities, including RDP, Server Message Block (SMB), Telnet, and NetBIOS services.
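A defender can catch the exposure described above before a scanner does by auditing firewall or security-group rules in code. The following is an added example, not from the original post or from any cloud provider’s SDK: it uses a simplified, constructed rule format (name, direction, protocol, port range, CIDR) and flags any inbound rule that opens RDP, SMB, Telnet or NetBIOS to the whole internet (a 0.0.0.0/0 or ::/0 source). A weak rule set and a tightened one are both constructed for illustration.

```python
import ipaddress

# Services the advisory lists as common scanner targets: port -> (name, transport).
RISKY_PORTS = {
    23: ("Telnet", "tcp"),
    137: ("NetBIOS name service", "udp"),
    138: ("NetBIOS datagram service", "udp"),
    139: ("NetBIOS session service", "tcp"),
    445: ("SMB", "tcp"),
    3389: ("RDP", "tcp"),
}


def is_world_open(cidr: str) -> bool:
    """True for a source range that matches every address (IPv4 or IPv6)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_rules(rules):
    """Return one finding per (rule, risky service) exposed to the internet."""
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress" or not is_world_open(rule["cidr"]):
            continue
        proto = rule["protocol"].lower()
        for port, (service, transport) in RISKY_PORTS.items():
            if proto not in ("any", transport):
                continue
            if rule["from_port"] <= port <= rule["to_port"]:
                findings.append({
                    "rule": rule["name"],
                    "port": port,
                    "service": service,
                    "cidr": rule["cidr"],
                    "advice": f"restrict {service} to a management/VPN range or remove the rule",
                })
    return findings


# Constructed sample: the kind of rule set that gets found by internet-wide port scans.
WEAK_RULES = [
    {"name": "allow-rdp-anywhere", "direction": "ingress", "protocol": "tcp",
     "from_port": 3389, "to_port": 3389, "cidr": "0.0.0.0/0"},
    {"name": "allow-all-ipv6", "direction": "ingress", "protocol": "any",
     "from_port": 0, "to_port": 65535, "cidr": "::/0"},
    {"name": "allow-https", "direction": "ingress", "protocol": "tcp",
     "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"name": "allow-smb-office", "direction": "ingress", "protocol": "tcp",
     "from_port": 445, "to_port": 445, "cidr": "203.0.113.0/24"},
    {"name": "egress-any", "direction": "egress", "protocol": "any",
     "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
]

# Constructed hardened version: RDP only from the VPN range, no blanket IPv6 allow.
HARDENED_RULES = [
    {"name": "allow-rdp-vpn", "direction": "ingress", "protocol": "tcp",
     "from_port": 3389, "to_port": 3389, "cidr": "10.8.0.0/24"},
    WEAK_RULES[2],   # HTTPS to the world is the intended public service
    WEAK_RULES[3],   # SMB limited to the office range
    WEAK_RULES[4],   # outbound rule, not an exposure
]

if __name__ == "__main__":
    for f in audit_rules(WEAK_RULES):
        print(f"{f['rule']}: {f['service']} (port {f['port']}) open to {f['cidr']} -> {f['advice']}")
    print("hardened findings:", audit_rules(HARDENED_RULES))
```

HTTPS on 443 is deliberately left open in both sets: the check targets services that have no business being reachable from arbitrary internet addresses, not every public port.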

Phishing attempts not blocked: Cyber actors still find much success in sending emails with malicious links that can infect computer systems. It’s imperative that all users not open suspicious emails from unknown people and that they notify their IT or security departments about these messages when they receive them.

Recommended Mitigation Steps

With the variety of weaknesses and poor security practices listed above, companies need to take active steps to mitigate any potential cyber attack. Here are the recommendations from the NSA and CISA guidance.

Adopt a Zero-Trust Security Model: Zero-trust security ensures that all users, whether inside or outside a specific network, are authenticated, authorized, and consistently validated to have the necessary access. This strategy also includes the least-privilege model that ensures users only have access to the specific data and resources they need. Doing both will help prevent any potential cyber attack from reaching an entire database or network and facilitate easier containment.

Establish Centralized Log Management: Keeping track of log files is vital for organizations to have enough information to investigate incidents and prevent future attacks. For maximum effectiveness, determine which log files are needed, including system logs, network logs, application logs, and cloud logs. Set up alerts that can record suspicious activity, including timestamps. Keep all logs away from local systems and move them to a centralized, secure location or repository. Finally, determine how long logs need to be retained and decide upon any record-keeping or archives for future research.
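The “alerts that record suspicious activity, including timestamps” recommendation is easier to evaluate with a concrete detection. The block below is an added example, not code from the original post or from CISA: it parses constructed, syslog-style SSH authentication lines (not real logs), keeps a sliding window of failed logins per source address, and emits a timestamped alert record once a source exceeds a threshold inside the window. The alert dictionaries are the sort of structured record a central log repository would ingest.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log lines in a syslog-like format; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-04T09:00:01Z vpn01 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51122 ssh2
2024-03-04T09:00:04Z vpn01 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51123 ssh2
2024-03-04T09:00:09Z vpn01 sshd[2101]: Failed password for root from 198.51.100.7 port 51124 ssh2
2024-03-04T09:00:12Z vpn01 sshd[2101]: Failed password for root from 198.51.100.7 port 51125 ssh2
2024-03-04T09:00:15Z vpn01 sshd[2101]: Failed password for root from 198.51.100.7 port 51126 ssh2
2024-03-04T09:00:40Z vpn01 sshd[2140]: Accepted publickey for alice from 10.8.0.5 port 40222 ssh2
2024-03-04T09:01:00Z vpn01 sshd[2150]: Failed password for alice from 10.8.0.5 port 40230 ssh2
2024-03-04T09:30:00Z vpn01 sshd[2201]: Failed password for bob from 192.0.2.9 port 33000 ssh2
2024-03-04T09:30:10Z vpn01 sshd[2201]: Failed password for bob from 192.0.2.9 port 33001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w-]+)\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_line(line: str):
    """Turn one authentication line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["pid"] = int(rec["pid"])
    rec["port"] = int(rec["port"])
    return rec


def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 60):
    """Alert once per source when `threshold` failures fall within a sliding window."""
    recent = defaultdict(deque)   # source address -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["outcome"] != "Failed":
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()                       # drop failures that aged out of the window
        if len(q) >= threshold and rec["src"] not in alerted:
            alerted.add(rec["src"])
            alerts.append({
                "alert": "ssh_bruteforce",
                "host": rec["host"],
                "source": rec["src"],
                "failures": len(q),
                "first_seen": q[0].isoformat(),
                "last_seen": rec["ts"].isoformat(),
            })
    return alerts


def to_jsonl(alerts) -> str:
    """Serialize alerts one per line, the usual shape for shipping to a central store."""
    return "\n".join(json.dumps(a, sort_keys=True) for a in alerts)


if __name__ == "__main__":
    print(to_jsonl(detect_bruteforce(SAMPLE_LOG.splitlines())))
```

Two things the sample is built to show: the single failure from the internal address and the two slow failures from 192.0.2.9 stay below the threshold, so the rule does not page on ordinary typos, while the burst against vpn01 produces exactly one alert that carries the first and last timestamps an investigator needs.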

Employ Antivirus Programs and Detection Tools: Antivirus tools and programs still offer an effective way to monitor against potential attacks or malicious viruses embedded in software or hardware. Regularly update these programs to remain current with new threats. In addition, employ endpoint detection tools that regularly monitor for threats. These can include an employee station or laptop, server, cloud system, or mobile application. Ensure all potential hazards are recorded in a central database for further analysis and reporting.

Maintain Rigorous Configuration Management Programs: Misconfigurations of a system’s default settings can lead to many problems, including poor performance and potential vulnerability to a security breach. Pre-set passwords or pre-installed applications can be easily exploited, allowing a hacker access to unauthorized data. Specialized configuration management gives IT teams a better sense of what’s happening in their key assets and can better alert them to potential security issues. The basic tools will classify and manage systems, enable new settings, automate patch updates, and identify problematic and non-compliant configurations.

Effective Patch Management: Having an effective patch management process in place ensures that organizational software stays up to date and remains secure against potential threats. A sound patch process includes testing patch updates before releasing them system-wide and performing frequent vulnerability scanning to discover potential gaps in security along with retiring unsupported or end-of-life software or firmware on a timely basis. Finally, prioritize patches that counter known exploited vulnerabilities, including those listed on the CISA.gov site. (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
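Prioritizing by “known exploited” rather than by raw severity changes the order in which a team works, which is easiest to see in code. The block below is an added example, not from the original post or from CISA: it reads a constructed excerpt shaped like the KEV catalog’s JSON feed (the field names cveID, vendorProject, product, dateAdded, dueDate and knownRansomwareCampaignUse are assumed to match the published feed and should be checked against the live file) and ranks constructed scan findings so that KEV entries tied to ransomware come first, then other KEV entries by remediation due date, then everything else by CVSS. The CVE identifiers are placeholders, not real entries.

```python
import json
from datetime import date

# Constructed excerpt in the assumed shape of the KEV JSON feed; CVE IDs are placeholders.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVPN", "product": "Gateway",
   "dateAdded": "2024-02-01", "dueDate": "2024-02-22", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-00002", "vendorProject": "ExampleCorp", "product": "FileServer",
   "dateAdded": "2024-03-10", "dueDate": "2024-03-31", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed vulnerability-scan output: one finding per host and CVE.
SCAN_FINDINGS = [
    {"host": "web01", "cve": "CVE-0000-00003", "cvss": 9.8},   # critical score, not in KEV
    {"host": "fs01",  "cve": "CVE-0000-00002", "cvss": 7.5},   # KEV, due 2024-03-31
    {"host": "vpn01", "cve": "CVE-0000-00001", "cvss": 8.1},   # KEV + ransomware, overdue
    {"host": "db01",  "cve": "CVE-0000-00004", "cvss": 5.3},   # not in KEV
]


def prioritize_by_cvss_only(findings):
    """The naive ordering many teams start with: highest score first."""
    return sorted(findings, key=lambda f: -f["cvss"])


def prioritize(findings, kev_feed, today: date):
    """KEV-aware ordering.

    Tier 0: in KEV and linked to ransomware campaigns, soonest due date first.
    Tier 1: in KEV, soonest due date first (negative days = overdue).
    Tier 2: not in KEV, ordered by CVSS.
    """
    kev = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}

    def rank(f):
        entry = kev.get(f["cve"])
        if entry is None:
            return (2, 0, -f["cvss"])
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        tier = 0 if entry.get("knownRansomwareCampaignUse") == "Known" else 1
        return (tier, days_left, -f["cvss"])

    ordered = []
    for f in sorted(findings, key=rank):
        entry = kev.get(f["cve"])
        ordered.append({
            **f,
            "kev": entry is not None,
            "due": entry["dueDate"] if entry else None,
            "overdue": bool(entry) and date.fromisoformat(entry["dueDate"]) < today,
        })
    return ordered


if __name__ == "__main__":
    today = date(2024, 3, 15)   # constructed "current" date for the sample
    print("by CVSS only:", [f["host"] for f in prioritize_by_cvss_only(SCAN_FINDINGS)])
    for f in prioritize(SCAN_FINDINGS, KEV_SAMPLE, today):
        print(f"{f['host']:6} {f['cve']} cvss={f['cvss']} kev={f['kev']} due={f['due']} overdue={f['overdue']}")
```

With the sample data, CVSS-only ordering would start with the 9.8 on web01; the KEV-aware ordering starts with the overdue, ransomware-linked VPN flaw, which is the one an adversary is actually using.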

Any commitment to improving overall cyber security requires a combined team effort from everyone within an organization. Implementing active mitigation measures and taking steps to secure common security issues will go a long way to keep any organization cyber secure.

Does your agency or organization need guidance or additional support to fully implement zero trust compliance? Reach out to J5 Consulting and connect with our team of IT experts.