CASE STUDY
For example , it ’ s seen increased ransomware attacks and nation state attacks launched to steal COVID-19 research data . Universities work with several different organisations in a research capacity , so cybercriminals may see the sector as a route to targeting more complex , larger organisations that hold valuable information but that tend to invest more in cybersecurity .
The education sector has a sprawling number of endpoints to secure , with most universities having little visibility or control – something that the shift to remote and hybrid learning has exacerbated . There ’ s also a near constant stream of joiners and leavers in the higher education sector which creates a unique set of challenges when it comes to securing endpoints and properly managing them .
What proportion of your IT budget is taken up by cybersecurity spend / investments ?
We have spent approximately £ 2 – 3 million over our initial budget on cybersecurity in the last financial year – as a result of the challenges presented by the pandemic . It ’ s worth noting that some of this investment was in IT operations ‘ basics ’ such as visibility and asset management controls , which we believe provide the critical foundations required for a strong cybersecurity programme .
Can you give us some insight into your strategy for instilling a robust cybersecurity culture across the institution ?
Team silos have traditionally created difficulties for us , and the institutional structure seemed to encourage this divide . In my role , I ’ ve therefore been dedicated to trying to drive an ‘ infosec culture ’ which seeks to tackle the misconception that cybersecurity issues or attacks are simply just an ‘ IT issue ’. Good cybersecurity is everyone ’ s responsibility and everyone plays a significant role in protecting the institution – not just that of security and IT teams .
One activity I conducted to engage the university ’ s board of directors was to take them on a quick tour of the Dark Web . I demonstrated how easy it was for criminals to purchase data related to other educational institutions that had recently been targeted by cyberattacks , and how attackers can use these to gain access to and leverage a network .
Secondly , I showed them how the entry level to becoming a cybercriminal has reduced significantly . Attackers no longer need to know how to code as they can purchase credentials from initial access brokers , or even purchase a cyberattack ‘ package ’ through new and emerging ‘ Ransomware-as-a-Service ’ providers .
Through this exercise , I was able to visually frame the repercussions of a cyberattack and show just how easy it is for people to purchase credentials from a senior level person or stolen data from an educational institution like ours .
How has Tanium ’ s solution enabled the university to strengthen its incident response capabilities and what benefits has this provided ?
We have a mixture of hardware and software across the University of Salford campus . However , prior to adopting Tanium , the visibility across university devices was quite low – an issue that became apparent during a recent pentest we conducted . This was a massive problem because without such visibility , we had no knowledge of what exact devices we have and what they could potentially be running , which left us in a highly vulnerable position .
Tanium ’ s solution has therefore been key to allowing my team and I to have this knowledge at all times and in real time ; within under 20 minutes , for example , I can now have a patch compliance report collated for review . This is also beneficial across the wider business as being able to provide such data on demand gives us more credibility among the university ’ s board when discussing matters related to cybersecurity .
Prior to partnering with Tanium , it took us four to six weeks on average to patch vulnerabilities – a time average which has now been reduced to just 24 hours . The partnership has ensured our IT infrastructure is better protected by giving us the tools needed to respond to threats more quickly .
What does the future hold for the university from a technology standpoint ?
For the next year , our programme will be focused on making sure our actual level of risk meets our risk appetite ; something we have a lot of work to do to achieve . We currently have more risk than we ’ re comfortable with .
We ’ re looking to close that gap by continuing to invest further in technology , to improve what we ’ ve got in place and implement new tools where needed . Our strategy will be to maximise value from a small number of important tools , rather than lots of different ones , to ensure teams can continue to be able to work closely together with the same data . p
www . intelligentcio . com INTELLIGENTCIO EUROPE 61