Many of us took time off work to enjoy the holidays (or just to de-stress after a trying year), but not all. Many dedicated individuals from our distributed IT and Cybersecurity Operations teams worked through the holidays to ensure our personal information and UW data remained secure and protected. We owe them our gratitude and we all realize that we work better—together!
When the nationwide supply chain breach of SolarWinds was announced, our distributed IT partners worked closely with the Office of Cybersecurity in identifying areas on campus where SolarWinds products were installed. After further investigation, it was determined that there was no negative impact on campus and no additional issues were identified.
Another incident involved a ransomware attack in which criminal hackers gained access to a server through public, internet-facing infrastructure. Unfortunately, only limited backups were available, and none predated the attacker's initial access. As a result, the unit's IT infrastructure had to be rebuilt.
So, what have we learned from these incidents and what should we be doing to avoid similar attempts in the future?
Understand that we are not immune to things going on in the rest of the world. The criminal hackers are well funded and becoming more sophisticated. In terms of ransomware attacks, after infiltrating a system, they patiently wait and identify the best time to attack. We need to be more sophisticated and up our game by using the enterprise tools and resources available to better protect our data.
What can IT departments do to be more secure?
- Complete an asset inventory for all devices and endpoints.
  - Know what devices are connected to the internet and where these devices are located so you are better prepared to respond to an incident.
- Create good backups that cover an extended period of time.
  - Store the backup offline or offsite.
  - Consider using Bucky Backup.
- Document your change management.
  - Any changes to your environment need to be logged and communicated to your team.
- Use the centralized tools and services available to you. This is especially important for areas with small IT departments. These tools allow additional sets of eyes to identify and quickly respond to potential breaches.
  - Spirion: Clean your IT house. This tool looks for restricted data. If you don't need it, delete it. The best archival process may be to print it and securely store it in a vault.
  - Advanced Malware Protection (AMP): A powerful, centrally managed antivirus protection and monitoring tool.
  - Qualys: Includes both host-based and web application vulnerability scanners. This automated process identifies security vulnerabilities in computing systems such as web applications and servers.
  - BigFix and Workspace ONE: Secure your endpoints with these tools.
- Get involved with the UW–Madison Information Security Team (MIST). Make sure your IT area has a MIST representative who can share what they learn with your IT teams.
If you are concerned about what may be exposed through the internet, contact cybersecurity@cio.wisc.edu for assistance. Working together will solve issues more quickly and efficiently than trying to do it by yourself. Your area may also find cost savings by using the Security Operations Center to help you monitor your systems. We can't do our job without your assistance. Let's make this a campus New Year's resolution to be more secure and to use the tools and services at your disposal.