In an interview with the Pittsburgh Post-Gazette, a lead analyst from the accounting and business advisory firm Schneider Downs discusses cyber attack vulnerabilities and what colleges can do to mitigate them.

(TNS) — The news that a small Illinois college posted to its website this month was not the sort any campus wants to deliver: "Abraham Lincoln's Namesake College Set to Close After 157 Years."

Until now, Lincoln College had survived the Spanish flu of 1918, World War II and other challenges to see record enrollment and dorms at capacity by 2019, its leaders said. But with the pandemic that followed, something else — a ransomware attack in December — proved to be the final straw.

By the time the private institution of fewer than 1,000 students regained access in March to critical data for admissions and fundraising, its financial position had eroded and there was little time left to recruit for fall.

Lincoln's demise is a chilling reminder of the growing danger such attacks pose to workplaces generally, including academic institutions, cybersecurity experts say.

One of those experts is a lead analyst at Schneider Downs, David Murphy, whose focus is in digital forensics and both defending against and responding to cyber attacks. He has an Air Force, intelligence and national security background.

Mr. Murphy, who is affiliated with the firm's Pittsburgh office, spoke to the Pittsburgh Post-Gazette about the risks and what employers, including universities, can do to protect themselves.


PG: The Lincoln attack shows the high stakes for a college. But has the pandemic encouraged more such attacks against all kinds of companies and, if so, why?

A. Definitely. COVID-19, in general, resulted in an increase in attacks going on. And that has a lot to do with, you know, the remote workforce and securing those folks. A lot of organizations that I've run into were somewhat unprepared for that remote workforce capability.

PG: Explain a bit more about what happened once Lincoln officials learned their systems were effectively shut down, and they were locked out of critical information.

A. They went through some sort of forensic investigation to verify what happened and how they got there. Basically, what data was taken, or might have been taken. They later mentioned that there was no personal identifying information exposed, which is good.

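I think there were details showing that they did pay a $100,000 ransom, which is pretty low in my experience. Usually, when threat actors ask you to pay, they do some sort of homework to verify what you're capable of paying. That's a bit surprising. The other angle is, if they paid, what did they get in return? You know, that part is very unclear.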

PG: The pandemic had already affected Lincoln's enrollment, so what financial ability did they have to respond?

A. That's an angle I can't fully understand, for them, but also just generally speaking for other colleges: what cyber insurance do they typically get. Your typical business insurance is not going to cover an attack like this — and the (remediation) required, recovering the data and the tertiary effects that might come from it.

That's one thing that all colleges really need to address — to make sure that they have a cyber insurance policy in place — and that it covers all the various effects, not just the ransom itself, because a lot of policies will say, 'Hey, we'll pay the ransom.' But you need to include all the data recovery efforts and the forensics and legal counsel that you would need to fully address the breach.

PG: Are there institutions, by size and resources, that are more vulnerable than others — especially colleges?

A. I think every place is vulnerable. You know, it's a difficult business to secure every single outlet of your organization. Implementing early-warning, early detection systems that can catch some of these activities early in the process is super beneficial. There's a lot of schools that have the resources available to implement some of the systems. Obviously, some won't. And so those would probably have to rely upon accepted risk and fall back on some of the cyber insurance policies that are needed there.

PG: What kind of criminals get involved in ransomware attacks, and are there hackers with motives specific to colleges versus other organizations?

A. There is different threat intelligence that talks about the attackers and the types that go after specific colleges. But honestly, any threat of attack — at least with ransomware — is financially motivated.

They're mostly foreign actors. I'm sure it's difficult for the FBI. They investigate some of these things and try to bring some level of action against these attackers. But it's difficult, obviously, unless, of course, (the perpetrator) goes to an extraditable country. The (attackers) aren't afraid to go after targets that might not pay as much as some of the bigger groups.


A. It often occurs in a (far off time zone) — sometimes, like 3 o'clock in the morning (here). You'll initially get the first alerts when everybody's sleeping, unfortunately. For some reason, it always happens on a Thursday or Friday. I don't know why.

It really matters what alerts you'll get initially and how quickly you're able to respond to that. So if you're a smaller organization and you don't have the resources, you might not notice it until you go through your routine checks in the morning when you first get in. But even with the alerts, you still have to do some level of root cause analysis and understand where the threat is coming from and how destructive it is.


A. In a targeted ransomware attack like Lincoln went through, you're dealing with, 'All we have is a note on the desktop, explaining who to reach out to to pay the ransom and get the key to unlock all the files.' So from that moment you're scrambling, basically from a data recovery standpoint, trying to get systems back online if you have the capability. And, you know, working through the forensics to understand what happened and where and trying to plug those holes because (otherwise) they'll come right back.

PG: Besides being brought in after an incident, does your firm do front-end risk prevention work?

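A. The most important work we do is pre-emptive. That's obviously where we most want to help people. So that includes everything from penetration testing: Pretending to be the bad guy and then giving them results and helping them understand where the vulnerabilities exist. There's a lot of alert and detection tuning. We also do IT audits. So we look at the whole organization as a whole.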

PG: What's your advice to employers, be they companies or colleges?

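A. Everything starts with a kind of a good vulnerability management system. Being able to patch systems on time, making sure you have a good asset inventory, understanding what's in your environment, what needs to be patched and when. Having cyber insurance is important.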

