Higher education institutions suffering from ransomware attacks is nothing new. However, as institutions shift to distance learning, the attack surface is much greater, giving malicious actors greater opportunity.
Institutions have a plethora of data – student assignments, academic research, administration and admission files, and alumni relations materials. The amount of data institutions have is incredible and increasing – making them prime targets for ransomware attacks.
Ransomware not only creates an issue for institutions by restricting access to critical systems and data, but it also can expose students’ personal information, such as Social Security numbers, passports, and banking details.
When Michigan State University was hit with an attack, the institution chose not to pay – and hackers began publishing financial documents and financial information shortly thereafter. Once an attack occurs, there is no guarantee that stolen data is safe – even if the institution pays a ransom.
With or without ransom payment, any delay by the institution in protecting and restoring data affects its ability to operate effectively. Malicious actors know that institutions are already under immense pressure with increased costs due to pandemic safety measures and the shift to hybrid learning, combined with reduced revenue. Further, a recent advisory from The Treasury Department’s Office of Foreign Assets Control warns that government agencies may consider the payment of a ransom to be a violation of laws relating to financial sanctions and embargoes.
How can higher education institutions address the threat of cyberattacks – while addressing these other challenges? The threat of ransomware attacks necessitates not only a strong defense, but an equally strong offense. There is no guarantee that IT can secure every entry point. And data backup is useful only if it is accessible when it’s needed the most. Equally important is that institutions can get back on their feet after an attack–and do so quickly. Colleges and universities must consider a platform with security built-in, as well as backup and recovery measures to prepare for ransomware attacks that target the last line of defense, data backups.
Data protection – think smarter, not harder
Hackers are evolving their tactics – and institutions must ask what they can do to fully safeguard their data in a time of heightened demand and vulnerability. In theory, it’s easy. Institutions can prevent ransomware attacks by keeping their operating system and tech stack up to date and investing in InfoSec training, network security audits, and vulnerability testing. They can also control access to data and back up files through frequent snapshots and other data-protection methods.
But protecting against a high impact, low probability event is difficult in practice. Backups may not work as effectively or quickly in the event of a real threat. Many systems are not ready to restore large environments in a short timeframe, and failed backups, corrupted data, and slow restores hurt colleges and universities even more. Their highly complex systems face regular issues every day to keep everything operational. Now add in evolving ransomware attacks that target backup data, backup catalogs, and even storage array snapshots, forcing organizations to go through the reconfiguration of backup solutions before even recovering the data.
Higher education must think smarter–not harder–when it comes to data protection.
Simplicity at the forefront
First, IT leaders should consider a data strategy with security built in. Ransomware attacks place immense strain on existing data-protection infrastructure if it’s built on legacy architectures, such as disk and tape. Conventional security measures can safeguard an institution’s data from natural or human-made disasters, data corruption, or accidental deletions, but provide less protection against ransomware.
A ransomware attack is not a normal recovery event that might involve a few lost files or a corrupted database; potentially all files and databases could be encrypted. The same design that optimizes for data ingestion and space-efficiency creates significant drag on recovery speed because data needs to be reconstructed after being widely dispersed through deduplication. Thus, a modern data platform with protection for backups built-in is essential.
Next, institutions should evaluate their backup and recovery measures to ensure they’re up to snuff. Data backups are the last line of defense against ransomware attacks. Focusing on recovery performance helps avoid system downtime, and ultimately works to prevent the crippling effects of halted campus operations and learning. Two metrics are key here: reliability and speed of backup. Backups should not require constant care and feeding, and they should also be simple and immutable. In this case, immutability ensures backups aren’t compromised by attackers even if admin credentials have been compromised. Advanced protection can also come in the form of automated snapshots that prevent backups from being deleted.
We also must evolve our expectations around backup and restore speeds. Backup storage must recover as fast as possible. It also must be done at scale – a single database might require 10 hours to restore. When you consider that an institution can have dozens or even hundreds of databases, it’s no wonder recovery time is often measured in months. Let that sink in for a moment. A 60-day restore period is more than half a semester long. Students and faculty can’t afford that much downtime in instruction and learning, even if the school’s data is only partially affected. Rapid restore is a critical means for institutions to protect themselves against the effects of ransomware attacks. Recovery point and recovery time objectives ensure that they can avoid major organizational and financial impact, protect students’ data, and stay focused on their important research and teaching initiatives.
Modern data protection for evolving threats
Rapid backup and recovery are essential – with a Modern Data Experience as the foundation. A Modern Data Experience is simple. It should be easy to set up, manage, and expand storage, as well as integrate easily with existing backup software. Of course, it must be fast – restoring data and applications quickly enough to actually matter. It should also be seamless. This experience can span any protocol, any tier of service level, and multiple clouds in a single environment. Lastly, it should sustain performance as data volumes increase.
Having consistent, real-time access to data is critical for colleges and universities today. And as no institution is immune to ransomware, they need to be able to recover data at scale, as quickly as possible, when systems go down. The backups themselves must be both valid and usable. Modern data protection is fast, simple, and cost-effective. This enables institutions to safeguard against more attacks in the future – and ensure that students and staff can access and use data without being beholden to malicious actors.