Encryption attacks are on the rise–it’s time to secure your digital traffic
Given today's environment, IT leaders at higher education institutions need to be prepared for a cyberattack
You see them in courthouses, sports arenas, and airports. People are accustomed to emptying their pockets, opening their bags, and passing through a metal detector when entering certain buildings. Inspecting all human traffic – and the items they carry – is a way to keep the facility and everyone inside it secure.
With the explosion of cyberattacks against higher-education institutions, it’s time for technology leaders to take a similar approach to cybersecurity. To keep the network secure, all digital traffic–including encrypted internet traffic–should be inspected before it is allowed onto the network.
Encrypted Traffic: The New Front Door
Encrypted internet traffic, known as hypertext transfer protocol secure (HTTPS), protects data as it is transferred from a web server to a browser using SSL or TLS encryption protocols. In the early days of the internet, HTTPS was used only for sensitive data. It is now the standard for transmitting data over the internet.
Encrypted data can be anything – a username and password, credit card number, student grades, research reports, etc. It can also be malware. A recent study found that over 85 percent of cyberattacks now use encrypted channels, with malware being the top form of attack.
With the rise in criminal trends like ransomware as a service, cybercriminals no longer need to write their own code or set up the operational infrastructure to launch a ransomware campaign. Cyber attackers are hiding in a place that was once deemed safe.
Higher Ed in the Crosshairs
Cyberattackers favor easy targets that offer a high reward, and they are finding that in higher education. That same study found a 132 percent year-over-year increase of encrypted attacks against the education sector, which follows a 50 percent increase from the previous year. Higher education leaders have also set a precedent for paying large ransoms, with perhaps the most notorious being $1.14 million paid by the University of California, San Francisco, to retrieve the encryption key after a cyberattack locked their files.
Cybercriminals know that many higher-ed institutions do not inspect SSL encrypted traffic, which leaves an open attack vector for them to exploit. University networks are often built with an open architecture to promote information sharing. So, once an attacker is in, they can move freely and laterally within the campus network. They often target sensitive research data, which is the crown jewel for many research-led institutions.
By taking an “inspect all bags” approach and inspecting all traffic at the front door, cyber attackers can be stopped before they can get in.
Inspecting all encrypted traffic may sound overwhelming–if not impossible–to institutions that already have resource constraints, especially those colleges and universities that are working with legacy technology. On-premises, next-generation firewalls developed for a hub and spoke security framework are common in higher education. While they serve a purpose, they don’t have the ability to inspect SSL-encrypted traffic at scale. They also create a vulnerable attack surface for bad actors to exploit.
The rise in remote learning has only added fuel to the fire. Students are now accessing campus networks from pretty much anywhere and from any device, further expanding the attack surface and increasing the flow of encrypted traffic to the network.
Privacy is another inhibiting factor. College and university networks are deliberately designed to be open to allow for sharing of ideas. Academic freedom and open internet policies have kept higher ed institutions from implementing SSL inspection detection tools. However, modern cloud-based security platforms give institutions the flexibility to secure encrypted traffic while still bypassing sensitive content in order to maintain strict privacy policies.
A Shift to Zero Trust
To overcome barriers to securing its systems, higher education can take a page from the federal government and shift to a zero trust security model. The idea behind zero trust is just like it sounds – nothing is trusted until it is authenticated, which happens not only at the point of entry, but throughout what becomes a layered network.
With zero trust protocols in place, all traffic coming in would be automatically inspected and authenticated, with access granted based on permissions. If a bad actor were to slip through that first line of defense, the security layers within the network hinder lateral movement to minimize damage. Zero trust also monitors traffic going out to protect against theft of sensitive data.
A zero trust framework makes it extremely difficult for cyberattackers to launch a successful attack. Because of that, the federal government has mandated that all agencies and the Department of Defense adopt a zero trust framework.
While updating legacy technology is highly recommended, colleges and universities can implement elements of the zero trust framework quickly without ripping and replacing all of their systems. This can be done by adopting a unified, cloud-native zero trust security platform that sits on top of existing technology. Traffic flows into and out of the network – whether it is an on-prem data center or a public cloud – after passing through the security platform.
With this approach, all traffic is monitored and authenticated per zero trust protocols, allowing institutions to inspect SSL-encrypted traffic at scale while also maintaining the highest privacy standards for faculty, staff, and students through granular policy controls.
With the current environment, higher education institutions need to be prepared for a cyberattack. Because institutions possess valuable and sensitive research information, many have already taken an enterprise approach to cybersecurity to holistically protect the institution and its research by leveraging a zero trust model. More institutions need to follow suit quickly to avoid becoming the next victim.