Higher education institutions are increasingly facing more sophisticated cyberattacks targeting not only their networks and private information, but also ongoing university research.
During a FireEye webinar today, Zach Furst, deputy CISO of the University of Iowa, stressed the importance of leveraging threat intelligence to secure higher education networks and research.
In terms of why higher education needs to focus on threat intelligence, Furst said, “Fundamentally, the reason is because you only see part of the pie.” With threat intelligence, he explained, cyber teams can see what is happening within their environment from another perspective.
Furst said universities can turn for help to peer institutions, private sector vendors, or government agencies such as the FBI and the Cybersecurity and Infrastructure Security Agency. “Fundamentally, this is important because it increases your ‘defense-in-depth,’” he said. “It lets you see how the threat landscape is changing before it reaches your environment.”
Furst touched on the importance of monitoring current threats to see how the threat landscape is changing, and referenced the NotPetya malware, which was first discovered in 2016. While attacks using NotPetya largely targeted institutions in Ukraine, Furst said the malware was essentially a precursor to the SolarWinds attack, which hit government agencies in 2020.
Staying up-to-date on threat intelligence allows higher education institutions to stay aware of what types of attacks they may face in the coming years, he counseled.
Furst repeatedly stressed the importance of peer-to-peer information sharing as a key part of keeping all institutions of higher education safe, especially as research universities face increasing threats to their proprietary research during the COVID-19 pandemic.
Many of the “easy” cybersecurity protections are not available to higher education, Furst said. For instance, while other organizations may be able to do a blanket ban on activity coming from countries known to be sources of malware or ransomware, higher education really can’t do that. Furst pointed out that frequently colleges and universities have partner organizations or satellite campuses around the world. This means universities need to be more cognizant of specific threats since they can’t use blanket protections.
In terms of measuring threat intelligence success, Furst said universities should focus on whether they are improving detection efficacy, reducing the number of false positives, and alerting on things that are actually threats in their environment. Furst also suggested looking at mean time to detect and mean time to respond. The goal, of course, is to reduce those averages.