
Defending universities against ransomware with cloud backups


As the back-to-school season rapidly approaches, prepping for cybersecurity threats, and particularly ransomware, should be at the top of the to-do list for any university IT department. According to recent research, from 2019 to 2020 the number of ransomware attacks US universities faced increased by 100 percent, with average losses per attack standing at over $450K. “Aggressive and urgent” action has also been called for by the Biden Administration’s Ransomware Task Force, and across the pond it’s not much better - the UK's National Cyber Security Centre recently stated that ransomware incidents it handled have tripled in the same period.

Educational institutions are a prime target for ransomware, and it’s no surprise they’re receiving unprecedented levels of attention. The scale of confidential intellectual property universities generate today through research, along with the potential value of student data, is significant enough to make them a big target for malicious actors. With all sorts of collaborators involved in projects today, it can be difficult for IT departments to keep track of internal parties’ access to data, never mind controlling access by external parties.

The key to getting ahead of this threat lies in adopting an innovative cloud backup strategy to keep the ransomware threat at bay.

How university IT departments have evolved 

The proliferation of university research projects and their IT requirements over the last 30 years has elevated the risk that ransomware poses to universities. Previously, departments and researchers would rely on an internal central IT department to dole out the computing resources they required, which made it easier to track and deal with security problems. Today, universities are dealing with hundreds of research projects at a time, all with their own IT requirements and staff members utilizing different software and resources, which makes it difficult for any one central IT department to keep track.

This problem is also exacerbated by increased sharing of custom cloud-based applications and software between researchers and external stakeholders. Many departments and faculty members now purchase IT services on the web for their own purposes or cobble together their own solutions rather than going through the university central IT department, which presents the classic “shadow IT problem”.  To combat this, educational institutions need to facilitate better IT practice by providing centralized infrastructure that allows faculty and students to develop and run the programs they want in a secure way. Cloud compute resources and storage can help bridge this gap.

Key to this is reimagining the role of the university IT department and having it adopt more of a Managed Service Provider (MSP) function, rather than being a gatekeeper of software and resources. In this way, IT departments can help their organizations engage the services of third-party firms to help set up networks, recommend and implement software, and provision compute and storage resources.  By serving as an in-house MSP, the university IT department can help departments and teams transfer more of their IT needs to the cloud and reduce their reliance on on-prem data storage. And, ultimately, cloud storage offers one of the best ways to mitigate one of the biggest risk factors for ransomware - human error.

Reducing the human risk 

Where ransomware is concerned, the human factor can often be the most challenging variable to manage. People make mistakes, whether it’s falling for email scams, being tricked into sharing their passwords or other credentials or mistakenly installing malware. Even the best efforts of cybersecurity companies, dedicated to intrusion prevention and detection, cannot guard against vulnerabilities that are not of a technical nature. This is where cloud backups can help enormously.

In many ways, the value of cloud backups in a ransomware context is most evident in how they can help maintain business continuity. When hit by an attack, universities need to restore data in a matter of minutes or hours to avoid severe service disruption. Your typical cloud data center is online and staffed around the clock, with on-site surveillance and additional data intrusion prevention measures, to enable fast data restoration. Because data centers are always online by default, organizations can get immediate access to their backed-up data at all times, ensuring optimal protection.

However, restoration isn’t always sufficient. Often the only way to eliminate ransomware woven into a device’s operating system is to scrub the computer disks clean and start afresh. That means IT technicians must reinstall operating systems and other core software, or previously installed applications, in order to restore the device fully. Practice makes perfect as they say, so IT teams should be regularly practising the restoration process and testing to prepare for as many eventualities as possible.

Redundancy and resilience 

To combat ransomware effectively, it is important to ensure your cloud backup strategy has redundancy and resilience built in. Keeping multiple backups of data in the cloud is a good place to start, and the industry standard “3-2-1” backup strategy is highly recommended. This means that organizations should be storing three copies of a single piece of data - two on different media formats, and one off-site - as part of their backup efforts. This way, operational continuity can be preserved in the event of an attack.

Cloud backups on their own aren’t a panacea, as many ransomware attacks can start from the simplest on-premise security slip-up. For example, attacks are often started by way of an infected USB flash drive, attached file, URL download, or other means, with the malware then uploaded to the cloud through a backup. Cybercriminals can even gain access to people’s networks via exposed remote desktop services, steal their passwords, and then delete their cloud backups before deploying the ransomware.

Guarding against this requires strict separation between active data and backup copies - what is called “air-gapping”. To ensure this, university IT teams need to leverage what’s termed “immutable” storage capabilities from their cloud provider. Data immutability means that any data written to a container holding the data (or data bucket) is immune from alteration or deletion by a third party during a specified retention lifetime. Not even a systems administrator can edit an immutable bucket that has been locked, and immutable buckets can also be configured to delete data after specific retention periods have elapsed.
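The 3-2-1 rule and the immutability requirement described above can be checked mechanically against a backup inventory. The following is an added example, not code from the article or from any storage provider; the record fields, the inventory entries and the 30-day minimum lock window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

@dataclass(frozen=True)
class BackupCopy:
    location: str                            # hypothetical site or bucket label
    media: str                               # e.g. "disk", "tape", "object-storage"
    offsite: bool
    locked_until: Optional[datetime] = None  # end of immutable retention; None = mutable

def audit(copies: List[BackupCopy], now: datetime, min_lock_days: int = 30) -> List[str]:
    """Findings against 3-2-1 plus one off-site immutable copy; empty list means pass."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        findings.append("all copies on one media type, need 2")
    offsite = [c for c in copies if c.offsite]
    if not offsite:
        findings.append("no off-site copy")
    # Only a copy whose lock is still active outlasts stolen admin credentials.
    locked = [c for c in offsite if c.locked_until and c.locked_until > now]
    if not locked:
        findings.append("no off-site copy is immutable right now")
    elif max(c.locked_until for c in locked) < now + timedelta(days=min_lock_days):
        findings.append(f"longest off-site lock ends within {min_lock_days} days")
    return findings

# Constructed inventory for illustration only; names and dates are made up.
NOW = datetime(2021, 9, 1, tzinfo=timezone.utc)
INVENTORY = {
    "research-data": [
        BackupCopy("lab-nas", "disk", False),
        BackupCopy("campus-tape", "tape", False),
        BackupCopy("cloud-bucket-a", "object-storage", True, NOW + timedelta(days=90)),
    ],
    "student-records": [
        BackupCopy("dc-san", "disk", False),
        BackupCopy("dc-san-replica", "disk", False),
        BackupCopy("cloud-bucket-b", "object-storage", True),  # mutable copy
    ],
    "hr-files": [
        BackupCopy("dc-san", "disk", False),
        BackupCopy("cloud-bucket-c", "object-storage", True, NOW + timedelta(days=7)),
    ],
}

def run_audit() -> dict:
    return {name: audit(copies, NOW) for name, copies in INVENTORY.items()}
```

Calling `run_audit()` passes only the first dataset: the second has an off-site copy that stolen credentials could delete, and the third is short a copy and has a lock that lapses within the window.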

There’s no doubt that ransomware will continue to be an issue that rears its head in the education sector. By incorporating cloud backups as part of an effective data security and storage protocol, universities will be able to mitigate against all but the most sophisticated ransomware attacks.

David Friend, co-founder and CEO, Wasabi Technologies

David Friend is the co-founder and CEO of Wasabi Technologies, the enterprise cloud storage service provider.