Guest Post By Don Boxley, CEO, and Co-Founder, DH2i (www.dh2i.com)
We’re in a new era of data security that makes the past seem downright quaint. It’s not enough anymore to just avoid using “1234” as your password; the world is vastly more complicated, which is mirrored in the evolution of increasingly frightening cybersecurity threats. In such an environment, it’s also not enough to have cybersecurity awareness—today’s organizations must effectively leverage the latest tools and most innovative approaches for IT security.
In the U.S., millions of college students are beginning another academic year, which means a huge increase in user activity. There’s no choice from a security standpoint: IT infrastructure should be completely dialed-in by the end of the summer, which can be stressful.
The global COVID-19 pandemic’s effects are not only lingering but permanent, which has affected education-based IT professionals as well as those across diverse industries. Many colleges and universities adopted fully remote or hybrid learning models, which have created an unintended consequence in these institutions: more network vulnerabilities. As a result, higher-education institutions have entered the bullseye for cyber-attackers over the last few years, as hackers seek monetary gain, intellectual property, and personal information.
There are a growing number of horror stories in higher education, including a college being shut down after a ransomware attack and a university being forced to fork over $1.14 million to its attackers in order to regain access to its own academic data.
The education industry is under siege from two main types of cyber-attacks: phishing and ransomware or malware attacks. In phishing attacks, bad actors convince their victims that they’re a reputable organization, often another university or college. A common tactic is to ask users via email to verify their personal information, such as their login credentials. Phishing scams also often link victims to a fictitious landing page that looks just like the real one to trick them into supplying sensitive data.
In ransomware or malware attacks, cyber-crooks often leverage an initial phishing campaign to access a system, then may use bot-driven attacks to guess a user’s credentials. The hallmark of ransomware attacks is that the hacker can take control of an organization’s internal systems and applications—rendering them inoperable—and then demand ransom payments before they will (hopefully) return the hijacked system or data.
The Best Remedy
Boosting cyber-security in 2022 requires embracing a “Zero Trust” approach to data security, which means, per Palo Alto Networks, “Eliminating implicit trust and continuously validating every stage of a digital interaction.” The key is to create a totally secure IT environment that trusts no user within the network or outside of it.
If you’re familiar with more traditional solutions such as virtual private networks (VPNs), the Zero Trust methodology represents a broad departure. The biggest difference is that traditional solutions have no way to prevent an attack from expanding laterally.
While VPNs have been considered a secure solution in the past, they aren’t ideal for today’s hybrid and multi-cloud realities. The inherent vulnerabilities of VPN solutions aren’t compatible with these now common cloud environments because of their single access point that exposes a large surface to lateral attack once a hacker gains initial access—rendering the full swath of a network vulnerable. The way to enable true Zero Trust architecture is through newer technologies—specifically software-defined perimeter (SDP) solutions.
SDP allows organizations to be proactive, not reactive, to cyber-attacks and allows the elimination of:
- the lateral attack surface via isolated network access at the application level
- expensive and hard-to-maintain physical networking appliances
- firewall configuration and access control list headaches
- costly hourly VPN connection fees for cloud deployments
What’s more, SDP offers an overall reduction in IT hours spent on lifecycle management and physical overhead.
Of course, once you make the switch to SDP, you’ll still want to use standard best practices—that go beyond cybersecurity awareness education—to lessen the chance that your organization will wind up the victim of a security breach. These include mandated password changes, keeping software up to date, and performing regular data backups.
For extra data security, you can also consider using tools like a centralized password manager to keep track of your passwords, 2-factor authentication, and domain-name monitoring. Whether your user base is college-aged young adults or anyone else, IT teams should embrace these practices and tools in conjunction with SDP to facilitate a safety-conscious cyber-culture and set users up for success.
All things considered, SDP is nothing short of a silver bullet when it comes to increasing data security, which is why it belongs on every organization’s back-to-school list. Once your organization makes the commitment to SDP, you can prepare to enjoy simplified management, reduced physical overhead, and lower costs as part of the full package of greater security.
About Don Boxley
Don Boxley Jr is a DH2i Co-founder and CEO. He has more than 20 years in management positions for leading technology companies. Boxley earned his MBA from the Johnson School of Management, Cornell University.