Phishing Prevention for Educational Institutions: Key Characteristics to Look For in an AI-Powered Anti-Phishing Technology Solution

In the digital age, educational institutions face the increasing risk of phishing attacks, which can compromise students’ sensitive information. This article provides insight into how educational institutions can choose the right AI-powered anti-phishing solution to strengthen their security controls against such threats.

Phishing attacks have become an increasingly prevalent and persistent threat to organizations of all sizes, and educational institutes are no exception. As institutions of higher learning become more dependent on digital systems and online communication, the likelihood of falling victim to phishing attacks also increases.

Educational institutions can use AI (Artificial Intelligence) to power anti-phishing solutions. However, with numerous options on the market, it can be difficult to determine which solution best meets their needs. This text explores the essential characteristics to look for in an AI-powered anti-phishing technology solution to help educational institutes protect their sensitive information and maintain the trust of their stakeholders. The right solution can ensure the confidentiality, integrity, and availability of the institution’s sensitive and confidential data.

Statistics: Phishing in the Education Sphere

The following are some alarming statistics concerning phishing and other cyber attacks targeting the educational sector.

  • According to the 2021 Netwrix Cloud Data Security Report, most educational organizations encountered phishing attacks (60%) and account compromise (33%) in 2020.
  • The K-12 Cybersecurity Center reported a record-breaking 408 cybersecurity incidents across 377 school districts in 40 states.
  • Cyberattacks targeting educational institutions increased by 75% in 2023.
  • In 2021, the education sector ranked as the third-largest industry targeted by spam and credential phishing attempts, numbering over 2 million.

What Makes Educational Institutions a Lucrative Phishing Target?

Educational institutions have become a lucrative target for malicious actors for several reasons, listed below. These reasons show how vital advanced phishing prevention methods are for educational institutions.

  • Research Material, Patents, IP: Universities rely heavily on innovation and patenting, which are crucial to economic growth. Threat actors seek to disrupt these critical activities and the benefits they provide, making the institutions a prime target for cyberattacks. The institutions store valuable intellectual property, including research material, patents, and other sensitive information that threat actors can monetize for their gain.
  • Lack of Expert and Experienced Security Personnel: Many educational institutes lack expert and experienced security personnel to monitor and protect their digital infrastructure, making them an easy target for cyberattacks. Additionally, the lack of experienced personnel means that universities may struggle to implement adequate security measures.
  • Changing Phishing Tactics: Another reason educational institutes are a prime target for malicious actors is the constantly evolving nature of phishing tactics. Such attacks often employ sophisticated techniques that can trick even the most tech-savvy individuals into giving away their personal information. As remote learning and digital communication practices become widespread, phishing tactics are becoming more sophisticated, making it more challenging for educational institutes to protect their staff and students.

Two Main Ways Through Which Threat Actors Target Educational Institutions

The following points show how threat actors can infiltrate restricted databases of educational institutions and what attack vectors they use to carry out their malicious operations.

  • Outdated or Unpatched Systems: Threat actors can infiltrate obsolete or unpatched systems of educational institutions by exploiting known vulnerabilities in software, operating systems, or applications that haven’t been updated or patched. They can use tools like port scanners to find open ports and identify vulnerable services. Once they gain access to the system, they can install malware, steal data, or use the system to launch further cyberattacks.
  • Variety of Phishing Techniques: Phishing is a tried-and-true method for malicious actors, and they often use it to camouflage malware as a message from a reliable and trustworthy source. These threat actors often deploy social engineering tactics through email, phone calls, or text messages (smishing), with email being the most favored method. The threat actors request access to privileged information or provide links or malicious attachments to deceive the recipient into downloading malware.

Note: Social engineering is a practice through which threat actors manipulate human psychology to lure unsuspecting targets into revealing sensitive information or acting in line with the attacker’s objectives. Many educational institutions, with inconsistent and insufficient security training, are particularly vulnerable to these attacks. For instance, in 2017, MacEwan University in Edmonton, Canada, lost $11.8 million when a staff member became the victim of a phishing attack in which the threat actor impersonated a vendor in an email requesting a change in banking information.

What Educational Institutions Can Do to Keep Their Students Safe and Information Assets Secure

As is evident from the above sections, the cyber threat to universities, colleges, and schools is here to stay, and strict and immediate action is vital for all educational institutions. The following security measures and approaches will help them go a long way in protecting their critical data assets.

  • Endpoint Security: Endpoint security may not be the first thing that comes to mind, but it is critical in the digital age. Endpoints, such as laptops, phones, and other devices, are vulnerable to cyber attacks, which may take the form of phishing incidents or other direct and indirect attempts. Endpoint-focused cybersecurity solutions are necessary to identify and address malware that traditional email and phishing defenses may overlook, especially for educational institutions.
  • Cybersecurity Expertise: Educational institutions and universities must work with IT administrators possessing expert cybersecurity knowledge. Increasingly sophisticated cyber-attacks necessitate more than a traditional IT team with limited cybersecurity expertise. Several public sector groups have established new cybersecurity roles to address this critical need. Educational institutions on tighter budgets can also opt for vCISOs (Virtual Chief Information Security Officers) or the CSaaS (Cybersecurity-as-a-Service) model.
  • Use of AI as a Predictive Tool: One practical approach is to leverage AI technology to detect and prevent phishing attempts before they can cause any harm. AI can analyze factors such as email metadata, sender reputation, and message content to identify suspicious emails and flag them for review or automatically block them. Such a proactive approach can help reduce the risk of successful phishing attacks, especially as threat actors become more sophisticated in their tactics.
  • Selecting a Trusted Solution Provider: A trusted solution provider is critical to protecting educational institutions from phishing. The process of selecting one involves choosing a security vendor that has a proven track record of providing reliable and effective cybersecurity solutions and one that is up-to-date with the latest threats and trends in the cybersecurity landscape. By working with a reputable vendor, educational institutions can ensure they have access to the best tools and expertise to help mitigate the risk of phishing attacks.
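A rule-based sketch of the signals such a filter weighs (sender metadata, reply path, lookalike domains, link/text mismatches, payment-change wording), applied to a constructed vendor banking-change lure of the kind described in the MacEwan note above. This is an added illustration, not code from this article or any vendor product; real AI-driven solutions use trained models, and the trusted-domain list, weights, and sample messages are assumptions.

```python
"""Heuristic phishing scorer for a single raw RFC 822 message (illustrative only)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: the institution's own domain and a known vendor domain.
TRUSTED_DOMAINS = {"example-university.edu", "acme-supplies.com"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
# Wording typical of payment-diversion requests (vendor banking-change lures).
PAYMENT_PHRASES = ("banking information", "bank account", "wire transfer",
                   "updated our bank", "remittance", "urgent")


def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squatted sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def lookalike(domain):
    """Return the trusted domain this one imitates (close but not equal), else None."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    out = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True)
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)


def link_mismatches(html):
    """Anchors whose visible text names a different host than the real href."""
    found = []
    for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        shown = re.search(r"([a-z0-9.-]+\.[a-z]{2,})", text, re.I)
        real = urlparse(href).hostname
        if shown and shown.group(1).lower() != real:
            found.append((shown.group(1).lower(), real))
    return found


def score_message(raw):
    """Return (score, findings); higher score means more phishing indicators."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg.get("From", ""))
    reply = domain_of(msg.get("Reply-To")) if msg.get("Reply-To") else sender
    if reply != sender:
        findings.append(("reply-to domain differs from sender domain", 2))
    if reply in FREEMAIL and sender not in FREEMAIL:
        findings.append(("replies routed to a free webmail account", 2))
    target = lookalike(sender)
    if target:
        findings.append((f"sender domain {sender} imitates trusted domain {target}", 3))
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    hits = [p for p in PAYMENT_PHRASES if p in text]
    if hits:
        findings.append((f"payment-change language: {', '.join(hits)}", 1))
    for shown, real in link_mismatches(text):
        findings.append((f"link text {shown} actually points to {real}", 2))
    return sum(weight for _, weight in findings), findings


# Constructed sample: a vendor banking-change lure from a typo-squatted domain.
SAMPLE_BEC = """From: Acme Supplies Accounts <accounts@acme-suppiles.com>
Reply-To: accounts.acme@gmail.com
To: payables@example-university.edu
Subject: Updated banking information - urgent
Content-Type: text/html; charset="utf-8"

<html><body><p>We have updated our bank account details. Please update your
remittance records before the next payment using the form at
<a href="http://acme-supplies.invoice-update.net/pay">https://acme-supplies.com/remittance-form</a>.
This is urgent.</p></body></html>
"""

# Constructed sample: a routine internal notice that should score zero.
SAMPLE_BENIGN = """From: Registrar <registrar@example-university.edu>
To: students@example-university.edu
Subject: Course registration opens Monday
Content-Type: text/plain; charset="utf-8"

Reminder: course registration opens Monday at 9 a.m. via the student portal.
"""

if __name__ == "__main__":
    for name, sample in (("BEC lure", SAMPLE_BEC), ("benign", SAMPLE_BENIGN)):
        score, findings = score_message(sample)
        print(f"{name}: score={score}")
        for reason, weight in findings:
            print(f"  +{weight} {reason}")
```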

Key Characteristics to Look For in an AI-Powered Anti-Phishing Solution

Here are key characteristics and aspects that educational institutions should look for and consider while selecting AI-powered anti-phishing solutions:

  1. Ease of Implementation: By prioritizing ease of implementation, academic institutions can simplify deployment, reduce the risk of errors, and get protection running quickly. Therefore, an ideal anti-phishing solution should be cloud-based and platform-agnostic, allowing it to be installed and operated seamlessly across multiple devices. It should work quietly in the background without disrupting the institution’s productivity or daily activities.
  2. The MSP/MSSP’s Reputation and Support: A reputable MSP (Managed Service Provider) or MSSP (Managed Security Service Provider) with a history of providing high-quality anti-phishing solutions can instill confidence in an educational institution, indicating that it is partnering with a trustworthy and reliable provider. Moreover, a robust support system provided by the MSP/MSSP offers a safety net, as the institution can seek expert guidance in addressing any issues that arise. This can be crucial for institutions with limited IT staff or cybersecurity knowledge.
  3. Quality of Service: Educational institutions should prioritize the quality of service offered by an AI-powered anti-phishing solution. Quality of service is essential to maintain the security and integrity of the institution’s network and data and to ensure the safety of its students, faculty, and staff. The solution should be designed to provide reliable and efficient protection against phishing attacks while guaranteeing minimal disruption to daily activities and should be regularly updated.
  4. IT Environment Setup: The efficacy of any anti-phishing solution also depends on the specific IT environment in which it is deployed. By assessing the IT environment, educational institutions can identify unique characteristics or requirements that must be considered in selecting an anti-phishing solution. Evaluating the IT environment can also help them determine the scope of the anti-phishing solution, ensuring that it is tailored to meet their specific needs and providing the essential features and capabilities to detect and mitigate phishing attacks effectively.

Phishing attacks are a significant threat to educational institutions as they target students and faculty members, compromising sensitive information and damaging institutional reputation. AI-powered anti-phishing solutions can help prevent these attacks by detecting and mitigating phishing attempts in real-time.

With an AI-powered anti-phishing technology solution, educational institutions can enhance their cybersecurity posture and protect their sensitive data and resources from the growing threat of advanced phishing attacks. As the threat landscape continues to evolve, investing in state-of-the-art anti-phishing technology is essential for educational institutions to secure their digital infrastructure and protect their staff, students, and other stakeholders.


Brad Hudson

Cybersecurity Practice Leader

About Columbia Advisory Group

Founded in Dallas in 2012, Columbia Advisory Group LLC (CAG) is an established IT consulting firm renowned for delivering cost-effective, meaningful, and practical IT solutions that solve complex business problems. Our seasoned teams offer comprehensive insight across diverse regulatory and economic environments, providing unbiased, straightforward analysis and recommendations. We pride ourselves on our deep understanding of IT while remaining software and hardware-agnostic. Regardless of your organization’s growth trajectory or economic landscape, we at CAG are adept at adapting to your unique needs and complexity, offering tailored solutions to drive your success.

Contact us at info@columbiaadvisory.com.

Top 5 Reasons Why Educational Institutions Are Soft Targets for Phishing And Malware Attacks and 7 Ways to Prevent Them

Educational institutions are always considered soft targets for cyber attacks because they contain massive volumes of data, and many of them are not adequately secured. Here is a look at their vulnerabilities and ways to prevent cyber attacks from compromising their information assets.

Despite the financial and manufacturing sectors being lucrative targets for cyberattacks due to their profitability, they are fortified by sophisticated cybersecurity measures, making them less accessible to threat actors. Conversely, the health and education sectors, rich with confidential client and customer data, are often viewed as more vulnerable targets due to comparatively less robust security practices. This vulnerability is particularly evident in higher education institutions, which often face a higher number of cyber incidents. Here we explore why educational institutions are soft targets for cyber threats like phishing and malware and how they can enhance their enterprise network systems’ confidentiality, integrity, and availability to better defend against these attacks.

Critical Threats Facing Educational Institutions in 2023

Educational institutions have a massive amount of data in their databases. Besides, many do not employ the most robust cybersecurity strategies to protect their information assets due to budgetary constraints and other reasons. In addition, the pandemic forced almost all institutions to conduct their classes online, and most were ill-equipped to do so. Thus, malicious actors got the opportunity to exploit their digital vulnerabilities and launch cyber attacks on their network systems. Here are some critical cyber threats facing the educational sector in 2023.

  1. Phishing: Statistically, educational institutions have the largest number of social media users, making them attractive to malicious actors launching social engineering attacks through phishing. The Verizon Report underscores phishing as the most critical threat to educational institutions.
  2. Malware/Ransomware: The FBI has stated in its alert that ransomware activity continues to plague the educational sector, including many colleges and K-12 schools in the US.
  3. Data Breaches: Since educational institutions hold significant volumes of confidential data but do not necessarily have robust cybersecurity measures, data breaches are a critical threat. IBM’s DBIR 2022 estimates the cost of a data breach in the educational sector to be around $3.86 million.
  4. Unpatched and Outdated Software: The Verizon Report shows that unpatched and outdated software systems rank amongst the primary causes of cyber attacks on educational institutions’ information network systems.
  5. Cyberbullying: With almost every student having access to smartphones and the internet, instances of cyberbullying are on the rise. The Cyberbullying Research Center report states that about 37% of students have experienced cyberbullying.

Phishing and Malware Attacks Against Educational Institutions: Statistics

As evident from above, educational institutions are popular soft targets for malicious actors. The following statistics show a snapshot of the cyberattack landscape of the educational sector.

  • Cisco’s 2021 report states that the educational sector is the second-most targeted sector for phishing and malware attacks after financial institutions.
  • According to Emsisoft’s year-end report, 1981 schools were hit by ransomware attacks in 2022, almost double the number from 2021.
  • Educational institutions witnessed a steep increase of 75% in cyber attacks in 2022.

Why Are Educational Institutions a Soft Target For Phishing And Malware Attacks?

Cyber threat actors relish uncertainties, and the pandemic presented them with many on a platter, especially from the education sector, because a significant part of education switched to online, and most institutions were ill-equipped to handle the change. Moreover, educational institutions have been a perennial soft target for phishing and malware attacks. Here are some reasons for it.

Large volumes of research and confidential data

Educational institutions hold massive volumes of data, including student credentials, financial information, valuable intellectual property, and vast research data. Therefore, threat actors can access highly valuable information if they infiltrate the institution’s information network systems, which makes schools, colleges, universities, and research centers lucrative targets for malicious actors.

Multiple people accessing educational network information systems

University campuses usually offer open Wi-Fi to their students and other users. Threat actors can abuse such networks, setting up ‘evil-twin’ access points to exfiltrate confidential information from unsuspecting users. Since so many people access the institution’s information network systems, such attacks can be challenging to identify.

Perimeter focused environment

Usually, educational institutions focus on establishing a security perimeter to prevent malicious actors from accessing their networks. In the process, they concentrate less on insider threats and ignore the possibility that someone might have already accessed their information network system and already be creating mischief. Unfortunately, this myopic approach makes educational institutions vulnerable to advanced malicious actors.

Comparatively fewer security measures

Though university campuses and schools aim to secure their information network systems and prevent malware and phishing attacks, many have less stringent security measures than the financial and other business sectors, due to budgetary constraints and other reasons. Employing comparatively fewer security safeguards puts these institutions at a higher risk of a cyber attack.

Supposedly less awareness among users

While educational institutions are highly vulnerable, not all of them employ top-level cybersecurity professionals to oversee their security strategies. As a result, awareness is lower among their employees and the vendors who access their systems. Besides, the steady stream of fresh students flowing into these institutions each year results in more users with lower awareness levels accessing various data. This widens the attack surface available to malicious actors for launching phishing and malware attacks.

Steps Educational Institutions Can Take to Prevent Malicious Attacks

As educational institutions are highly vulnerable to cyber attacks, securing their cybersecurity infrastructure becomes a top priority. The education sector can employ the following strategies to prevent malicious attacks and protect its information assets from data breaches and ransomware incidents.

Strengthen the Wi-Fi security using WPA3 connections and compatible devices

Every internet device must be WPA3 compliant today, as cybersecurity professionals globally consider this connection standard the most secure. Furthermore, since educational institutions usually offer free Wi-Fi to their students, employees, and other users within the campus, it becomes imperative to strengthen the Wi-Fi connections by using WPA3 protocols.

Improve incident detection and response, and data monitoring systems

Traditionally, human error is a primary vulnerability that educational institutions and other organizations encounter. Therefore, they should improve their network and data monitoring systems to detect malicious activities. Timely detection allows affected assets to be quarantined. Secondly, there should be an increased focus on incident response strategies, because time is crucial when an incident takes place: the longer the delay in responding, the greater the damage.

Keep network systems and devices up-to-date with vulnerability scanning and effective patch management

Cyber attackers keep looking for new vulnerabilities and innovative ways to infiltrate information network systems. Therefore, educational institutions should ensure efficient vulnerability scanning and deploy appropriate patch management strategies to address cyber threats. The standard protective control measures include application firewalls, anti-virus software, intrusion prevention systems (IPS), data loss prevention (DLP), URL filtering, and email security.

Ensure effective IAM and PAM systems are in place

Insider threats are challenging to detect because the malicious actors, in that case, are people who know the systems and their weaknesses better than external attackers do. Therefore, educational institutions should have proper network segmentation to limit lateral movement. In addition, they should employ effective IAM (Identity and Access Management) and PAM (Privileged Access Management) systems to ensure that authorized users get only activity-based access to the information network system, following principles like ‘least privilege’ and ‘need to know.’

Improve user education and ensure proper user control measures

Proper user education can help stop cyberattacks before they occur. Therefore, every educational institution should disseminate quality information on cyber hygiene and ensure suitable user control measures. For example, maintaining password hygiene can prevent data breaches and IoT attacks. In addition, proper cyber hygiene can help users identify phishing and social engineering attacks before they occur.

Hire the right managed security service provider (MSSP) and advisors

While encouraging users to maintain their own cyber hygiene is critical, educational institutions should also focus on hiring qualified managed security service providers (MSSPs) and advisors. This helps keep their systems updated with the latest and most robust security measures to prevent cyber attacks. In addition, quality cybersecurity staff provide excellent backup support during emergencies.

Leverage specialized services

Traditional anti-phishing software and tools can help deal with regular attacks. However, malicious actors employ advanced AI-based techniques to launch innovative attacks, prompting educational institutions to use specific AI-based tools for anti-phishing and state-of-the-art endpoint security. Specialized vendors provide these services that help prevent phishing and malware attacks.

Parting Thoughts

Cyber threat actors often target the path of least resistance when attempting to breach information network systems. Regrettably, educational institutions frequently fall into this category due to often insufficient security measures and IT staffing to safeguard their data assets. This vulnerability makes these institutions appealing targets for cyber attackers. With these limitations in mind, it is crucial for these establishments to utilize cutting-edge AI-enabled anti-phishing tools and implement advanced cybersecurity strategies to safeguard user credentials and essential data assets.


Brad Hudson

Cybersecurity Practice Leader


Securing Texas’ Defense Industry: Why CMMC 2.0 Compliance Matters for Manufacturers

Texas-based Defense Industrial Base manufacturers (DIB) are crucial in supporting national security initiatives. However, these companies must navigate the increasingly complex landscape of cybersecurity regulations to maintain their competitive edge. In this blog post, we’ll discuss the importance of compliance with CMMC 2.0, a cybersecurity standard set by the U.S. Department of Defense (DoD), and how Texas-based DIB manufacturers can achieve and maintain compliance.

The Importance of CMMC 2.0 Compliance (source: CISA.gov)

CMMC 2.0 is designed to ensure the security of sensitive government information on contractors’ networks (CISA, n.d.). Companies must demonstrate robust cyber protections against malicious actors and properly store and manage classified information. Failing to comply with CMMC 2.0 could result in losing lucrative government contracts and putting customers’ data and intellectual property at risk.

The Impact on Texas’ Defense Industry (source: raytheon.com)

According to DTC Global Research and Raytheon Technologies Corp., federal contracts account for more than 40% of total economic activity in Texas’s defense industry sector (Raytheon Technologies, n.d.). Therefore, compliance with CMMC 2.0 is critical for Texas-based DIB companies to remain competitive, especially those involved in national security initiatives such as missile defense and space exploration.

Achieving CMMC 2.0 Compliance: Five Steps for Texas Manufacturers

To achieve full CMMC 2.0 compliance, Texas manufacturers can take the following steps:

  1. Update Internal Policies: Ensure your internal policies align with current regulations and best practices (CISA, n.d.).
  2. Conduct Regular Assessments: Regularly assess your existing cybersecurity infrastructure to identify vulnerabilities and areas for improvement.
  3. Implement New Controls or Upgrade Existing Ones: Actively work to enhance your cybersecurity measures by implementing new controls or upgrading existing ones (CISA, n.d.).
  4. Establish Employee Training Programs: Develop a training program focused on cybersecurity awareness to help employees understand and mitigate potential threats (CISA, n.d.).
  5. Hire a Certified Third-Party Auditor: Engage a certified auditor who can independently assess your systems and guide how best to comply with CMMC 2.0 requirements (CISA, n.d.).

For Texas-based defense manufacturers, complying with CMMC 2.0 standards is essential to remain competitive in the government contracting market. By taking proactive steps to enhance cybersecurity and following best practices, these companies can protect their networks from potential threats and secure high-value contracts from the DoD in the coming years.


References
  1. Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). Cybersecurity Maturity Model Certification (CMMC). Retrieved from https://www.cisa.gov/cybersecurity-maturity-model-certification-cmmc
  2. Raytheon Technologies. (n.d.). Texas Defense Industry. Retrieved from https://www.raytheon.com/texas-defense-industry


Brad Hudson

Cybersecurity Practice Leader


Strengthening Cybersecurity: The Imperative of Testing Controls against PRC State-Sponsored Cyber Attacks in Texas Mid-Market Manufacturing Firms

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an advisory (AA23-144A), underscoring the persistent threat posed by PRC state-sponsored cyber actors. This advisory detailed how these actors employ the Living off the Land technique, exploiting commonly used software, tools, and protocols, and blending their malicious activities within regular network traffic. Consequently, the threat is difficult to detect and can linger undetected within networks for extended durations.

Faced with such sophisticated threats, firms must proactively test their cyber controls. The importance of identifying system vulnerabilities susceptible to exploitation using the Living off the Land technique cannot be overstated. Testing controls also presents the opportunity to understand the modus operandi of these cyber actors, enabling firms to adopt proactive measures to counter these threats.

The mid-market manufacturing firms in the Defense Industrial Base (DIB) in Texas operate in a world of unprecedented cyber threats, with the People’s Republic of China (PRC) state-sponsored cyber actors being of notable concern. These malicious actors use a technique referred to as “Living off the Land,” leveraging legitimate processes and services within a system to infiltrate and evade detection. Understanding why these firms should robustly test their cyber controls in this context is crucial for national security and industrial resilience.

Today’s globalized marketplace has created interdependencies that significantly threaten national security. For example, Texas, a significant contributor to the U.S. DIB, has experienced the strategic focus of PRC’s cyber actors on mid-market manufacturing firms. These organizations, often less equipped to withstand sophisticated cyber threats than larger counterparts, are considered soft targets, and their compromise can negatively impact U.S. defense capabilities.

One primary reason to test cyber controls is the proliferation of the Living off the Land technique. This strategy sees PRC state-sponsored cyber actors exploit commonly used software, tools, and protocols, effectively masking their activities amidst regular network traffic. It’s an alarming prospect, given that these attacks are hard to detect and can persist in networks undetected for extended periods.

Thoroughly testing controls provides an opportunity to identify vulnerabilities within the system that may be exploited using the Living off the Land technique. It also allows organizations to understand how these actors operate, enabling them to take proactive measures to mitigate the risk of infiltration.
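One concrete way to "test controls" against the blending-in problem the advisory describes is to replay known-bad process activity through the same logic the SIEM uses and confirm it alerts. The following is an added example written for this article, not code from CISA or from CAG: it scores constructed process-creation records (a simplified `host|user|image|command line` form of the fields a Sysmon event 1 or Windows 4688 log carries) against a small watch-list of signed Windows binaries that are routinely repurposed, and against a per-host baseline of command lines observed during normal operation. The host names, users, command lines, and the watch-list itself are assumptions made for the example.

```python
"""Detection check for living-off-the-land (LotL) activity.

Added example; not from the CISA advisory or from CAG. Watch-list, hosts,
users and command lines are constructed for illustration.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Iterable

# Legitimate binaries present on every Windows host (so they blend in), each
# paired with argument patterns rarely seen in routine administration.
# Watch-list is an assumption for this example, not taken from the article.
LOLBIN_PATTERNS: dict[str, list[re.Pattern[str]]] = {
    "certutil.exe": [re.compile(r"-urlcache", re.I), re.compile(r"-decode", re.I)],
    "wmic.exe": [re.compile(r"process\s+call\s+create", re.I)],
    "netsh.exe": [re.compile(r"interface\s+portproxy\s+add", re.I)],
    "powershell.exe": [re.compile(r"-enc(odedcommand)?\s", re.I),
                       re.compile(r"-w(indowstyle)?\s+hidden", re.I)],
}

@dataclass
class ProcessEvent:
    host: str
    user: str
    image: str      # executable name, lower-cased
    cmdline: str

@dataclass
class Finding:
    event: ProcessEvent
    reasons: list[str] = field(default_factory=list)

def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'host|user|image|cmdline' record."""
    host, user, image, cmdline = line.split("|", 3)
    return ProcessEvent(host, user, image.lower(), cmdline.strip())

def _norm(ev: ProcessEvent) -> str:
    """Collapse whitespace and case so baseline comparison is stable."""
    return f"{ev.image} {' '.join(ev.cmdline.split()).lower()}"

class LotlDetector:
    """Flag a watch-listed binary when its arguments match a suspicious
    pattern, or when that exact command line was never seen on the host."""

    def __init__(self, baseline: Iterable[str]):
        self.baseline: dict[str, set[str]] = defaultdict(set)
        for line in baseline:
            ev = parse_event(line)
            self.baseline[ev.host].add(_norm(ev))

    def check(self, ev: ProcessEvent) -> Finding | None:
        patterns = LOLBIN_PATTERNS.get(ev.image)
        if patterns is None:
            return None                      # not a binary we watch
        reasons = [f"argument pattern {p.pattern!r}" for p in patterns
                   if p.search(ev.cmdline)]
        if _norm(ev) not in self.baseline.get(ev.host, set()):
            reasons.append("command line not in host baseline")
        return Finding(ev, reasons) if reasons else None

    def scan(self, lines: Iterable[str]) -> list[Finding]:
        return [f for f in (self.check(parse_event(l)) for l in lines) if f]

# Constructed records: what the host looked like during a quiet baselining week.
BASELINE_EVENTS = [
    "eng-ws-07|svc_backup|powershell.exe|powershell.exe -File C:\\scripts\\nightly-backup.ps1",
    "eng-ws-07|jdoe|netsh.exe|netsh.exe interface ip show config",
]

# Constructed records replayed through the control: one routine, two of the
# kind a LotL intrusion produces, one that is not watched at all.
REPLAY_EVENTS = [
    "eng-ws-07|svc_backup|powershell.exe|powershell.exe -File C:\\scripts\\nightly-backup.ps1",
    "eng-ws-07|jdoe|certutil.exe|certutil.exe -decode C:\\Users\\jdoe\\AppData\\Local\\Temp\\a.txt a.exe",
    "eng-ws-07|jdoe|netsh.exe|netsh.exe interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5",
    "eng-ws-07|jdoe|notepad.exe|notepad.exe C:\\Users\\jdoe\\readme.txt",
]

def run_replay() -> list[Finding]:
    """Replay the constructed events against the baseline; return findings."""
    return LotlDetector(BASELINE_EVENTS).scan(REPLAY_EVENTS)

if __name__ == "__main__":
    for f in run_replay():
        print(f"{f.event.host} {f.event.user} {f.event.image}: {'; '.join(f.reasons)}")
```

The baselined PowerShell backup job produces no finding even though `powershell.exe` is on the watch-list, which is the point of pairing a pattern match with a per-host baseline: a control test should confirm both that the known-bad events alert and that routine administration does not, otherwise the alerts will be tuned out.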

Moreover, the constant evolution of cyber threats necessitates the frequent testing of controls. The PRC’s cyber capabilities are evolving, continuously seeking new ways to exploit vulnerabilities in their targets. Staying ahead of these threats requires constant vigilance, regular review, and updating of cyber controls. The ability to anticipate and swiftly respond to these ever-changing threats hinges on a keen understanding of the landscape, which is only achievable through regular testing.

Additionally, the potential economic impact of a successful cyber-attack on mid-market manufacturing firms cannot be overstated. From production disruptions to the leakage of sensitive information, the financial repercussions can be crippling. Such firms play a significant role in the Texas economy, and the broader U.S. DIB, and their compromise could have a cascading effect on the economic and security landscape.

The regulatory environment necessitates robust testing of cyber controls. For example, regulations such as the Cybersecurity Maturity Model Certification (CMMC) require that DIB contractors demonstrate a level of cybersecurity maturity that matches the sensitivity of their work. Regular testing of controls helps meet these regulatory requirements but also helps create a cybersecurity culture within the organization.

All in all, testing cyber controls in mid-market manufacturing firms in Texas within the DIB is not a choice but a necessity. To remain resilient, these firms must adopt robust and frequently tested controls amid sophisticated PRC state-sponsored cyber threats. By understanding and preempting the techniques used by malicious actors, these firms can maintain the integrity of their networks and continue to contribute safely and securely to U.S. defense capabilities.

Brad Hudson

Cybersecurity Practice Leader


A Deep Dive into the Updated GLBA Safeguards Rule

On December 9, 2021, the Federal Trade Commission (FTC) introduced final regulations amending the Standards for Safeguarding Customer Information, a critical component of the Gramm-Leach-Bliley Act (GLBA) mandates on customer privacy protection. The alterations, effective from June 9, 2023, impact postsecondary institutions and highlight changes in the Department of Education’s (Department) enforcement of GLBA stipulations. Consequently, institutions are urged to update their practices to meet the requirements of the revised rule.

Under the previous GLBA Safeguards Rule, postsecondary institutions and third-party servicers agreed to shield student financial aid information related to the administration of Federal student financial aid programs. This obligation extended to include all Federal Student Aid applicant information and any data obtained from the Department’s systems for administering Title III and Title IV programs.

The Department has consistently encouraged these institutions to adhere to GLBA requirements and adopt security standards, such as NIST 800-171, to fulfill ongoing obligations under GLBA. As a result, institutions have been subject to periodic audits to ensure compliance with GLBA requirements.

The newly revised GLBA Safeguards Rule brings a refreshed understanding of customer definition and new requirements for safeguarding information. Customer information, as defined by the rule, refers to data procured while providing a financial service to a current or former student. The main objective of the GLBA standards is to ensure student information’s security, protect against threats, and prevent unauthorized access.

Institutions must develop, implement, and maintain a comprehensive written information security program featuring nine critical elements to achieve these objectives. These include designating a qualified individual for implementing and overseeing the program, basing it on a risk assessment, implementing safeguards to control identified risks, and regularly testing and monitoring its effectiveness, among other things. Institutions with fewer than 5,000 consumers must address only the first seven elements.

In April 2022, the FTC released a publication titled “FTC Safeguards Rule: What Your Business Needs to Know,” which serves as a compliance guide for entities. It provides in-depth information about the nine required elements and outlines what a good security program should look like.

Failure to comply with the Safeguards Rule after June 9, 2023, the effective date, may affect an institution’s participation in the Title III and Title IV programs. The Department plans to resolve GLBA findings from a compliance audit or other means by evaluating the institution’s information security safeguards to determine its administrative capability.

In cases where an institution or servicer is found not to comply with the Safeguards Rule, they will need to revise their information security program and provide the Department with a Corrective Action Plan (CAP). Repeated non-compliance may result in administrative action by the Department, affecting the institution’s or servicer’s participation in Title III and Title IV programs.

The Department intends to issue further guidance on NIST 800-171 compliance. However, it reiterates that meeting GLBA requirements differs from complying with NIST 800-171 and encourages institutions to integrate information security controls required under NIST 800-171 as soon as possible.

Where can I find more information? For additional information, see FSA’s electronic announcement, “Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements.” If you have questions regarding the Department of Education’s enforcement of GLBA, please get in touch with FSA_IHECyberCompliance@ed.gov. More information is also available on the Federal Trade Commission’s website.

Brad Hudson

Cybersecurity Practice Leader


Why IoT Strategy Matters in Gas Pipeline Networks

The rapid expansion of the Internet of Things (IoT) has led to greater connectivity and improved efficiency across numerous industries, including the gas pipeline network. However, increased reliance on IoT devices also presents new cybersecurity challenges. In this blog post, we’ll discuss the Colonial Pipeline incident as a case study to highlight the importance of cybersecurity in IoT devices used in gas pipeline networks.

The Colonial Pipeline: A Wake-Up Call

In May 2021, Colonial Pipeline, one of the largest fuel pipelines in the United States, fell victim to a ransomware attack that forced a shutdown of its operations (The New York Times, 2021). This cyberattack led to gasoline shortages and price spikes across several states, emphasizing cybersecurity’s crucial role in maintaining the safety and security of gas pipeline networks.

IoT Devices: The Weakest Link?

IoT devices, designed primarily for ease of use, can often be the weak link in the cybersecurity chain for gas pipeline networks (CISA, n.d.). Many of these devices are connected to the internet and possess limited processing power and memory, making it challenging to update their security features. In the Colonial Pipeline incident, hackers exploited a vulnerability in the company’s IT infrastructure to access its systems, underlining the need for robust cybersecurity measures for IoT devices within gas pipeline networks.

Addressing the Challenge: A Multi-Layered Approach

To ensure the security of IoT devices in gas pipeline networks, it is crucial to adopt a multi-layered approach that includes both physical and software-based security measures (CISA, n.d.):

  1. Physical Security Measures: Implementing firewalls, access control systems, and network segmentation can help limit the spread of potential cyberattacks, reducing the risk of hackers accessing sensitive information or compromising pipeline control systems.
  2. Software-Based Security Measures: Encryption, secure protocols, and regular software updates are critical for safeguarding IoT devices in gas pipeline networks. Encryption protects sensitive data from being intercepted or stolen, while secure protocols like SSL/TLS ensure communication between devices remains private and tamper-proof. In addition, regular software updates help address known vulnerabilities and enhance overall system security.

The Colonial Pipeline incident is a stark reminder of the need for robust cybersecurity measures in the gas pipeline network. As IoT devices play an increasingly important role in monitoring and controlling pipelines, it is essential to protect them from cyberattacks by adopting a multi-layered approach to cybersecurity that incorporates physical and software-based security measures.

Sources:

The New York Times. (2021). A Cyberattack Forces Shutdown of a Top U.S. Pipeline. Retrieved from https://www.nytimes.com/2021/05/08/us/politics/cyberattack-colonial-pipeline.html

Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). Internet of Things (IoT) Security. Retrieved from https://www.cisa.gov/iot-security

Brad Hudson

Cybersecurity Practice Leader

About Columbia Advisory Group

Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at info@columbiaadvisory.com.

U.S. Department of Education Reinforces Compliance with Updated Safeguards Rule

On February 9, a significant update was issued by the U.S. Department of Education’s Federal Student Aid (FSA) office. The update pertains to compliance with the Safeguards Rule, a component of the Gramm-Leach-Bliley Act (GLBA) that deals with customer records and information security and confidentiality. The GLBA, as described by the Federal Trade Commission (FTC), sets out to provide a robust framework for financial institutions to protect their customers’ personal data.

The GLBA applies to institutions of higher education that engage in financial activities such as providing student loans or banking services. Non-compliance with GLBA regulations may lead to the loss of eligibility for federal funding, potentially impacting the institution’s ability to offer financial aid to students.

The notice from the FSA emphasized the FTC’s decision to bring the revised Safeguards Rule into effect from June 9, 2023. The update outlines the major points of the Safeguards Rule following modifications made by the FTC in December 2021, highlighting FSA’s expectations for compliance.

A critical aspect of the announcement lies in how it applies the GLBA-defined term “customer information” to higher education, the domain of FSA’s oversight. “Customer information,” as defined under the GLBA, refers to data obtained during the provision of financial services to a student, whether current or past. The scope of financial assistance can include administering Title III and Title IV programs, offering institutional loans, including income share agreements, or servicing a private education loan for a student.

The FSA notice zeroes in on two main provisions of the revised Safeguards Rule, set to become effective in June:

  1. The requirement for institutions to encrypt customer data both at rest within institutional systems and during transmission across external networks.
  2. The mandate for multi-factor authentication (MFA) for anyone accessing customer information via institutional systems.

These provisions underscore the FSA’s commitment to enhancing data security and privacy within higher education institutions. However, the notice also alludes to some uncertainties in the enforcement process for Safeguards Rule compliance. It mentions that the FSA will resolve compliance issues linked to the new Safeguards Rule provisions once they come into effect, primarily through institutional Corrective Action Plans (CAPs). It doesn’t clarify what “other means” could lead to a compliance investigation, nor does it provide any framework for the CAPs that institutions need to create and execute.

The reference to “other means” may stir apprehension, echoing a situation years ago when an FSA official sent compliance notices based on media reports of alleged cybersecurity incidents. This necessitates clear communication from the FSA regarding potential triggers for compliance investigations, apart from federal single audit findings.

Concluding the notice, FSA reinforces the importance of institutions adopting the NIST SP 800-171 cybersecurity guidelines concerning federal student financial aid data. The federal government’s controlled unclassified information (CUI) regulations will soon mandate institutional compliance with NIST SP 800-171.

As these changes unfold, CAG is committed to closely collaborating with community members to ensure that FSA’s guidance and enforcement adequately address the regulations and compliance areas.

Where can I find more information? For additional information, see FSA’s electronic announcement, “Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements.” If you have questions regarding the Department of Education’s enforcement of GLBA, please get in touch with FSA_IHECyberCompliance@ed.gov. More information is also available on the Federal Trade Commission’s website.

 

Brad Hudson

Cybersecurity Practice Leader


How Can a Phishing Attack Lead to More Fatal Cybercrimes Like Ransomware, and How Can Educational Institutions Keep Them at Bay?

As phishing attacks continue to threaten individuals and organizations, educational institutions are particularly at risk due to the sensitive information they handle. This article will explore the connection between phishing attacks and ransomware and discuss practical strategies for educational institutions to protect themselves from such threats.

One of the biggest threats that all internet users face is phishing. Phishing schemes attempt to trick individuals into providing their personal information, such as login credentials and credit card numbers, to cybercriminals masquerading as legitimate sources. Not to mention, the consequence of falling for these schemes can be dire.

However, things can get much worse. Cybercriminals are also on the prowl for even more damaging attacks, such as ransomware hacks. Ransomware attacks can lock down critical information to prevent users from accessing it unless they pay the ransom demanded by the attackers.

Unfortunately, educational organizations are even more susceptible to these attacks due to the sensitive information they possess, such as student records, financial reports, and research data. This reality puts even more pressure on educational institutions to stay vigilant and proactive to avoid security breaches.

To ensure the safety and integrity of such sensitive data, educational institutions need to take proactive measures to avoid phishing and ransomware attacks. A robust security system is crucial in ensuring the confidentiality, integrity, and availability of sensitive data stored on the organization’s systems.

Reasons Phishing Attacks are Rampant

In 2020, phishing emails and websites were the most common entry points for ransomware, with over 610,000 unique phishing websites identified. The concerning trend has continued into 2023, highlighting the ongoing threat posed by phishing attacks in the current digital landscape. But how does phishing run rampant throughout the digital world? The following sections have an answer.

1. Use of AI-ML-based Tools by Attackers
Phishing attacks have become increasingly sophisticated with attackers’ use of AI-ML-based tools. These tools allow attackers to automate and personalize their attacks, making them more convincing and harder to detect. For instance, attackers use machine learning algorithms to create compelling phishing emails that mimic the writing style and language used by the victim’s contacts, making it easier to dupe the victim into falling for the scam. And with the advancement of AI-related tools widely available on the market, the malicious attacks of threat actors have become more efficient, effective, and profitable.

2. Availability of Phishing Kits
Phishing kits have empowered threat actors by providing them with professionally written, pre-built tools that enable them to launch phishing attacks with minimal effort or expertise. These kits, available for purchase on the dark web, contain thousands of lines of code and can be easily configured based on the attacker’s campaign. Following such an approach allows threat actors to launch campaigns quickly and effortlessly, making it difficult for defenders to keep up with the rapidly changing threat landscape.

3. Inadequate Security Awareness
The most significant vulnerability malicious actors exploit is the inadequate employee training on security awareness in some institutions, particularly in phishing and ransomware. This deficiency is the primary reason why such attacks continue to succeed. It can severely undermine employees’ ability to recognize phishing attacks and respond appropriately, resulting in devastating consequences. Failing to address this training and security gap leaves organizations vulnerable to threat actors who are too eager to exploit it.

Understanding the Connection Between Phishing and Ransomware

Phishing has emerged as the primary vehicle for delivering ransomware, making it the most significant cyber threat to organizations in recent years. 78% of organizations experienced at least one ransomware attack in 2021, with 68% attributing the cause to direct email payload or second-stage malware delivery. In addition to that, IBM’s Cyber Resilient Organization Study identified the top three causes of ransomware as phishing (45%), malicious websites (22%), and social media (19%). Phishing and ransomware are closely related because phishing is one of the root methods for delivering ransomware.

The success of a ransomware attack often depends on the attackers’ ability to deliver the malware to the victim’s system, which is why they frequently use phishing emails as a delivery method. These social engineering schemes are carefully crafted to appear legitimate and customized to specific targets, which makes them difficult to identify. The sheer volume of email that individuals, especially students, receive also makes it hard for them to scrutinize incoming messages and notice suspicious red flags, increasing the rate of successful phishing attacks.

Why are Educational Institutes Easy Targets for Phishing and Ransomware Threat Actors?

With limited IT resources, some educational institutes may be unable to keep up with patch management and other maintenance processes that keep systems safe from exploits. The inadequacy of cybersecurity countermeasures, limited IT resources, and the pressure to deliver educational services make schools and educational systems an attractive target for malicious actors.

Not all educational institutes are adequately protected against phishing and ransomware attacks, as an 18-year-old student named Bill Demirkapi revealed at the recent Def Con hacker conference. Demirkapi showed that his school’s software, including Blackboard’s Community Engagement software and Follett’s Student Information System, contained multiple vulnerabilities that could be exploited using SQL injection and XML inclusion attacks to steal PII (Personally Identifiable Information) or even manipulate grades.

Here are some recent ransomware attacks on school districts that show not all educational institutes are safe:

    • Louisiana Schools: Three school districts in Louisiana were targeted by a ransomware attacker in July 2019. The attack crippled phones and IT systems, and the state activated emergency cybersecurity powers to bring in the National Guard and cyber experts.
    • Columbia Falls School District: The school district was threatened by malicious actors with a data lockup and a ransom demand of $150,000. The attackers declared they would expose student names, addresses, and grades if they didn’t receive the demanded amount.
    • Syracuse: The New York City schools were hit with a ransomware attack that locked down one of their computer systems. The district paid the ransom, partially covered by insurance, but they were still locked out of their servers even after paying the ransom.

How Can a Phishing Attack Lead to More Fatal Cyberthreats Like Ransomware?

A phishing attack is a common and effective method used by threat actors to gain unauthorized access to sensitive data in educational institutes by tricking victims into disclosing personal information or downloading malware. While phishing attacks seem independent, they could be a first step to more severe cyber threats such as ransomware, malware, data theft, and more.

Malicious actors often use phishing attacks to deliver ransomware or malware payloads because they can customize phishing emails to target specific individuals. In a successful phishing attack, the attacker can introduce ransomware into the victim’s system, rendering their data inaccessible unless a ransom is paid, causing significant harm to the victim.

Strategies for Preventing Phishing and Ransomware Attacks in Educational Organizations

Here are a few practical strategies for preventing phishing and ransomware attacks in educational institutes:

    • Leveraging AI-Based Anti-Phishing Solutions: One vital strategy to prevent phishing and ransomware attacks in educational institutes is leveraging AI-based anti-phishing solutions. These solutions use machine learning algorithms to detect and block phishing emails before they reach their targets. They can also analyze email content and metadata to identify suspicious patterns and behavior, such as unusual IP addresses or domain names, and flag them for further investigation.
    • Engaging a Trusted Vendor or Managed Security Service Provider (MSSP): Engaging a trusted vendor or MSSP is critical in preventing phishing and ransomware attacks in educational institutes. These providers have the expertise, experience, and resources to provide comprehensive security solutions, including threat intelligence, risk assessments, vulnerability management, and incident response. They can help educational institutes implement security best practices and provide ongoing support.
    • Educate Faculty, Staff, and Students: Among the most effective ways to prevent phishing and ransomware attacks is educating everyone in the educational institution on the risks of such attacks. Conduct regular training sessions that help them identify and avoid suspicious emails, attachments, and links. This way, they can recognize phishing emails and report them to the IT department before any damage is done.
    • Implement a Strong Security Policy: The first step is establishing a robust security policy. School networks should block access to potentially risky sites, and student app downloads should be monitored and restricted. Educational institutions must also include mobile security in their cybersecurity strategies, since threat actors often use mobile and IoT devices, such as laptops, desktops, smartphones, or tablets, to gain access to the network. IoT device testing and end-to-end encryption can significantly reduce the risk posed by attackers.
    • Access Control Implementation: Given that educational institutions have a vast network of students, teachers, and staff, it is crucial to implement access control measures that limit each individual’s access to only the programs they require. IAM (Identity and Access Management) systems that apply the ‘least-privilege’ and ‘need-to-know’ principles have proven effective at preventing malicious infiltration. Access control offers two critical advantages. First, it prevents unauthorized individuals from accessing sensitive information. Second, it limits the harm an attacker can cause after compromising someone’s account.
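The first strategy above says an anti-phishing solution "analyzes email content and metadata to identify suspicious patterns, such as unusual IP addresses or domain names". The following added example, written for this article and not taken from CAG or any vendor's product, shows what a few of those signals look like in code: it parses a raw message with the Python standard library's `email` package and scores a Return-Path domain that differs from the From domain, a look-alike of the institution's domain, urgency wording in the subject, and links whose visible text points somewhere other than the real target. The institution's domain (`example-university.edu`), both sample messages, the weights and the alert threshold are all constructed assumptions; a real filter would combine many more signals with a learned model.

```python
"""Header and link heuristics of the kind an anti-phishing filter applies.

Added example; not from CAG or any vendor. Domain, messages, weights and
threshold are constructed for illustration.
"""
from __future__ import annotations

import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-university.edu"}       # constructed institution domain
URGENCY = re.compile(r"\b(urgent|suspend|verify|expire)", re.I)
ALERT_THRESHOLD = 4                                 # assumed for the example

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _domain(header_value) -> str:
    """Domain of the first address in a header, lower-cased ('' if none)."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _lookalike(host: str) -> bool:
    """True if host mimics a trusted domain once separators are dropped and
    common digit-for-letter swaps (0->o, 1->l) are folded, and is not the
    trusted domain or one of its subdomains."""
    host = host.lower()
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return False
        core = re.sub(r"[^a-z0-9]", "", trusted.rsplit(".", 1)[0])
        folded = re.sub(r"[^a-z0-9]", "", host).translate(str.maketrans("01", "ol"))
        if core in folded:
            return True
    return False

def assess(raw: str) -> tuple[int, list[str]]:
    """Return (score, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    score, reasons = 0, []
    from_dom, rp_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        score += 2; reasons.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    if _lookalike(from_dom):
        score += 3; reasons.append(f"From domain {from_dom} resembles a trusted domain")
    if URGENCY.search(str(msg["Subject"] or "")):
        score += 1; reasons.append("urgency language in subject")
    body = msg.get_body(("html", "plain"))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        text_host = (urlparse(text).hostname or "").lower() if text.startswith("http") else ""
        if text_host and text_host != href_host:
            score += 2; reasons.append(f"link text shows {text_host} but points to {href_host}")
        if _lookalike(href_host):
            score += 2; reasons.append(f"link host {href_host} resembles a trusted domain")
    return score, reasons

def is_suspicious(raw: str) -> bool:
    return assess(raw)[0] >= ALERT_THRESHOLD

# Constructed sample: a credential-harvesting message aimed at students.
RAW_PHISH = """\
Return-Path: <bounce@mailer-9182.example.net>
From: "IT Help Desk" <helpdesk@examp1e-university.net>
To: student@example-university.edu
Subject: URGENT: your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Your password expires today.
<a href="http://login.examp1e-university.net/reset">https://sso.example-university.edu/reset</a></p>
"""

# Constructed sample: routine mail from the institution itself.
RAW_LEGIT = """\
Return-Path: <registrar@example-university.edu>
From: Registrar <registrar@example-university.edu>
To: student@example-university.edu
Subject: Spring registration opens Monday
Content-Type: text/html; charset="utf-8"

<p>Details: <a href="https://portal.example-university.edu/register">https://portal.example-university.edu/register</a></p>
"""
```

Running `assess(RAW_PHISH)` returns every signal with its reason string, which is what a reviewer in the IT department needs when a flagged message is escalated; `assess(RAW_LEGIT)` returns a zero score because the subdomain check in `_lookalike` keeps the institution's own hosts from being treated as impostors.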

Higher Ed must prioritize investing in modern and effective cybersecurity technologies to protect themselves against the constantly evolving threat of cybercrime.

Educational institutions face a significant threat from phishing attacks, which can escalate into more dangerous cyber threats like ransomware. To safeguard against such risks, educational institutes must proactively implement practical strategies for preventing and mitigating the damage caused by phishing attacks and other related cyber threats. This can be achieved by raising awareness among staff and students, implementing strong security measures, and working with experienced cybersecurity experts. Educational institutes can ensure the safety and security of their systems and data by taking concrete steps, such as adopting AI-based anti-phishing solutions, to keep their information assets secure from malicious actors.


Brad Hudson

VP of Cyber Security


Phishing: How The Monster Is Changing Its Shape and Size – Phishing Protection in a Post-COVID World

Cyber scams during COVID-19 have shaped a new term – scamdemic: a global epidemic of frauds and scams. There was an unprecedented rise in cybersecurity scams during the pandemic. Phishing emerged as the most frequent attack type. Read on to learn how malicious actors changed their tactics in 2022 and how you can protect yourself.

The COVID-19 pandemic changed how people live, including how they conduct business and social interactions and how their working lives function. Regarding the latter, the enforcement of social distancing and lockdowns left an increasing number of people with changed work habits. Some employees adapted, often abruptly, to using messaging apps, digital platforms, and other communication channels for everyday activities. Thus, there was a worldwide shift from office to remote (home) work. The overlooked consequence of the change was an increase in cyber risk, which resulted in a rapid escalation of cyber-attacks.

The State of Phishing Report for 2022 by SlashNext highlights that traditional security strategies, including proxy servers, secure email gateways, and firewalls, no longer prevent phishing threats, especially as attackers increasingly launch these attacks from personal and messaging apps and trusted servers. Thus, phishing attacks are a rising concern, as the following statistics show.

Key Statistics

Here is a look at the key statistics which signify the rising phishing problem:

  • SlashNext analyzed numerous link-based URLs, messages, and attachments in email, browser, and mobile channels in 2022 and found over 255 million attacks – a 61% rise in phishing attack rates compared to 2021.
  • A Check Point Research (CPR) report found emerging social engineering scam trends shifting away from tech giants and shipping establishments toward social networking sites. In Q1 2022, social networks became the most targeted category, followed by shipping.
  • Zscaler pointed out that, from January to March 2020, COVID-19-themed phishing attacks increased by 30,000%.
  • APWG’s Phishing Activity Trends Report says that phishing attacks hit an all-time high in 2021. December 2021 recorded an unprecedented 300,000 attacks, signifying these incidents became over three times more common than they were two years before.
  • UK’s Cyber Security Breaches Survey 2022 signifies that phishing is the most common cyber threat that targets UK businesses and charities. 83% of them suffered a phishing scam.
  • 2022’s first quarter saw a dramatic rise in phishing attacks. Check Point revealed in its 2022 Q1 Brand Phishing Report that malicious actors ran phishing attacks impersonating professional social networking websites. Attacks related to LinkedIn alone comprised over half (52%) of all phishing attempts globally.

Post-COVID Threat Landscape Isn’t Reducing – Threat Actors Are One Step Ahead

Once authorities lifted the COVID-19 restrictions, employees started moving back to their offices, and malicious actors adapted to the change again. While remote workers were their primary targets for 18 months, new phishing campaigns targeted those who were returning to the physical workplace. The following are some prominent examples:

  • Cofense observed an email-based campaign that targeted employees with emails impersonating their CIO and welcoming them back to the office. The emails appeared legitimate and contained the organization’s official logo and the CIO’s signature. The message outlined the organization’s new precautions and business operation changes connected with the pandemic.
  • India saw a surge in new phishing techniques after the government launched electric vehicle (EV) incentives.
  • Some phishing attempts preyed upon financial fear. For example, in one scam, bank customers were informed that their accounts were on hold due to suspicious logins or transactions. Users became victims when they attempted to resolve the issue by clicking the embedded link.
  • The BazarBackdoor attackers send malware-free mail that passes email security controls and directs users to a website contact form. Once a user submits the form, the perpetrators deliver malware as a purported response file through a file-transfer service, again avoiding email security.
  • Some recent phishing attacks deliver malware links through QR codes embedded in emails or on stickers in restaurants and public locations. The QR codes lead directly to malware or redirect users to credential-stealing websites.
  • Microsoft recently discovered a multi-stage phishing attack on businesses that don’t use multi-factor authentication. The first stage steals an employee’s email credentials, and the second stage creates a new Office 365 account in their name on a rogue device. Once established on that device, the threat actors use the victim’s legitimate email account to send internal phishing emails to the organization or its clients.

Top 2022 Phishing Tactics Used By Malicious Actors

In 2022, phishing attacks exploited vulnerabilities unheard of earlier. Here are the year’s top tactics:

  • Typosquatting: Threat actors register domains that users can enter by accident. For example, instead of typing www.phishingexample.com, a user can type www.phishingexanple.com (hitting the ‘n’ key next to the intended ‘m’ key by mistake). If an attacker registers the www.phishingexanple.com domain, the user enters the attacker’s website instead of the legitimate www.phishingexample.com website. If the imposter website looks the same as the legitimate one, the user can easily get tricked into sharing their credentials.
  • Lookalike Domain Attacks: While typosquatting depends on the victim making a typo, lookalike domains exploit the difficulty of telling similar characters or words apart. For example, an attacker can craft a phishing email that uses an uppercase “I” in place of the lowercase “l,” making www.Iurethevictim.com look like www.lurethevictim.com. End users being lured to what they believe is a legitimate website creates various problems, including loss of user confidence, theft, fraud, and reduced traffic (and business) to your website. Thus, if you can quickly discover and avoid scam sites, you can mitigate the risks linked to fraud and loss of brand reputation.
  • Executive Impersonation: Executive impersonation is an effective tactic. If malicious actors can spoof or compromise an executive’s email account, they can craft phishing emails that lure unsuspecting users to legitimate-looking phishing sites. If a user who believes the fake email came from their boss enters their credentials into the spoofed website, the attackers steal them and gain unauthorized access.
  • Credential Reuse Attacks: Unfortunately, credential reuse (using the same password, etc., across different platforms) is common among end users because it is inconvenient to create new credentials for every application. If a phishing attack retrieves a credential set successfully, the attackers can access other applications with the same information. Because of credential reuse, such attacks grant attackers access to multiple accounts across various platforms.
  • High-Level Employee Targeting: High-level employees can access sensitive, confidential, and proprietary information that other employees cannot. If attackers obtain their login credentials, they can access sensitive corporate data in the cloud (data that organizations once kept within their network perimeter). Thus, these credentials are the keys to the domain, and stealing them lets threat actors plan large-scale data breaches of the kind traditionally mitigated by network perimeter solutions.
  • Financial Scams: Sophisticated phishing campaigns target login credentials and aim to steal financial information from end users. In a financial scam-type phishing attack, the threat actors trick the user into visiting a phishing site, making them share personal or financial information and conduct financial transfers or transactions with it. For example, threat actors may design a site pretending to be a charity platform raising money for the pandemic victims. The unsuspecting users might get fooled into donating cash through it.
  • Business Email Compromise: In BEC, malicious actors spoof or compromise the email accounts of top officials of an organization, like the CEO. They then send orders to subordinates to transfer massive amounts of money. The assistants follow the instructions, believing the request comes from their boss. Business email compromise (BEC) is rising, and attackers exploit it to make money from fake wire transfer requests.
  • Spear Phishing on Small Businesses: In today’s growing threat landscape, nothing is too small to become a phishing attack target. Small businesses get targeted frequently with cyberattacks because they often have less IT security than large organizations. Spear phishing is more dangerous than generic phishing because it is targeted at specific people. Threat actors often combine it with BEC.
  • Using Initial Access Brokers to Make Phishing Attacks More Effective: One way threat actors make more money is by enlisting specialists called Initial Access Brokers. These are malicious actors who focus solely on the initial breach of a network or organizational accounts. The rising use of these specialists makes phishing attacks more threatening and harder for end users to detect.
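As an added example (not code from the original article), the Python below classifies a host taken from a link against an allow-list of an organization’s real domains, covering the two domain tricks described above: a one-key slip such as phishingexanple.com (edit distance 1, with a check for QWERTY-adjacent keys) and a homoglyph substitution such as an uppercase I standing in for the lowercase l of lurethevictim.com. The allow-list, the homoglyph table and the function names are this example’s own assumptions; the domain names reuse the article’s illustrations.

```python
"""Flag typosquatted and lookalike hosts against an allow-list of real domains.

Added example, not code from the original article. The allow-list, the
homoglyph table and the function names are assumptions of this example;
the domain names reuse the article's own illustrations.
"""
from typing import List, Optional, Tuple

# Visually confusable sequences folded toward the letter they imitate.
# Multi-character entries come first so "rn" is folded to "m" before any
# single character in it is considered.
HOMOGLYPHS: List[Tuple[str, str]] = [
    ("rn", "m"), ("vv", "w"),
    ("I", "l"), ("1", "l"), ("|", "l"),
    ("0", "o"),
]

# QWERTY rows, used to recognise a one-key slip such as 'n' for 'm'.
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def strip_host(url_or_host: str) -> str:
    """Reduce a URL or host name to the bare host without a 'www.' prefix.

    Letter case is preserved here because the I/l trick depends on it.
    """
    host = url_or_host.strip()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split("@")[-1].split(":")[0]
    if host.lower().startswith("www."):
        host = host[4:]
    return host


def skeleton(host: str) -> str:
    """Fold confusable characters so hosts that render alike compare equal."""
    folded = strip_host(host)
    for seq, repl in HOMOGLYPHS:
        folded = folded.replace(seq, repl)
    return folded.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def adjacent_on_keyboard(x: str, y: str) -> bool:
    """True when x and y are neighbours on the same QWERTY row."""
    for row in QWERTY_ROWS:
        if x in row and y in row:
            return abs(row.index(x) - row.index(y)) == 1
    return False


def substituted_pair(a: str, b: str) -> Optional[Tuple[str, str]]:
    """For equal-length strings differing in exactly one position, return that pair."""
    if len(a) != len(b):
        return None
    diffs = [(x, y) for x, y in zip(a, b) if x != y]
    return diffs[0] if len(diffs) == 1 else None


def classify(candidate: str, allow_list: List[str]) -> Tuple[str, str]:
    """Classify a host from a link against the organisation's real domains.

    Returns (verdict, matched_domain) where verdict is 'legitimate',
    'lookalike', 'typosquat (adjacent-key)', 'typosquat' or 'unrelated'.
    """
    host = strip_host(candidate)
    legit_hosts = [strip_host(d) for d in allow_list]
    for legit in legit_hosts:                      # exact, case-insensitive match
        if host.lower() == legit.lower():
            return "legitimate", legit
    for legit in legit_hosts:                      # identical once homoglyphs are folded
        if skeleton(host) == skeleton(legit):
            return "lookalike", legit
    for legit in legit_hosts:                      # one edit away from a real domain
        lo, li = host.lower(), legit.lower()
        if levenshtein(lo, li) == 1:
            pair = substituted_pair(lo, li)
            if pair and adjacent_on_keyboard(*pair):
                return "typosquat (adjacent-key)", legit
            return "typosquat", legit
    return "unrelated", ""


if __name__ == "__main__":
    allow = ["phishingexample.com", "www.lurethevictim.com"]
    for seen in ["www.phishingexanple.com", "http://Iurethevictim.com/login",
                 "https://www.lurethevictim.com/", "example.org"]:
        print(seen, "->", classify(seen, allow))
```

The exact-match check runs before the skeleton check so a genuine domain is never reported as a lookalike of itself; the homoglyph fold happens before lower-casing because, as the article notes, the I/l confusion only exists while the letter case is visible in the rendered link.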

How To Redefine Cybersecurity in a Post-COVID World

Organizations’ strategies to counter the threats mentioned above will vary according to each organization’s cyber security maturity level. Generally, they must focus more on new cybersecurity models, including ‘zero trust.’ Following are ways individuals and organizations can remain protected:

  • Antivirus Protection: Employees must have licensed antivirus software on their information systems. A good antivirus solution can block many attacks.
  • Cybersecurity Awareness: Organizations must brief their staff on best procedures and practices governing the sending of emails or sensitive content to other parties or to cloud storage.
  • Phishing Awareness: Employees must remain vigilant when receiving emails and verify the authenticity of the sender’s address.
  • Home Network Security: Employees must ensure that their home Wi-Fi remains protected by a strong password.
  • Using VPN: Virtual private networks offer an additional protection layer for home internet use and act as a strong barrier against cyberattacks.
  • Identifying Vulnerable Spots: Every IT system has vulnerabilities. Organizations must run tests to identify and patch them quickly. This can take the form of vulnerability scanning or penetration testing. Furthermore, businesses must harden their technical infrastructure components.
  • Frequent Reviews: Organizations must evaluate cybersecurity risk exposure regularly and determine whether the existing controls are robust. IT teams must consider new forms of cyberattack during these reviews.
  • Renewing Business Crisis and Continuity Plans: Top managers must update their business continuity plans to account for various cyberattack scenarios.
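The “Phishing Awareness” item above, and the CIO and executive impersonation examples earlier in the article, come down to checking whether a message’s visible sender lines up with the rest of its headers. The Python below is an added example (not code from the original article) that applies four such checks to an inbound message: a known executive’s display name on an address that is not theirs, a Return-Path or Reply-To domain that differs from the From domain, and the institution’s own domain in From without a DMARC pass in the gateway’s Authentication-Results header. The institution’s domain, the executive roster and the three sample messages are constructed for the demonstration.

```python
"""Score an inbound e-mail for sender-spoofing indicators.

Added example, not code from the original article. OUR_DOMAIN, the
executive roster and the three sample messages are constructed for this
demonstration; nothing here is taken from a real institution.
"""
import email
from email.message import Message
from email.utils import parseaddr
from typing import Dict, List

OUR_DOMAIN = "example-university.edu"  # assumption: the institution's own mail domain
# Assumed roster: display names attackers like to borrow, with the real address.
EXECUTIVES = {"jane doe": "jane.doe@example-university.edu"}


def domain_of(header_value: str) -> str:
    """Lower-cased domain of the first address in a header value ('' if none)."""
    _, address = parseaddr(header_value or "")
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def auth_results(msg: Message) -> Dict[str, str]:
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts: Dict[str, str] = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for clause in str(hdr).split(";")[1:]:      # first clause is the authserv-id
            tokens = clause.split()
            if tokens and "=" in tokens[0]:
                method, verdict = tokens[0].split("=", 1)
                verdicts[method.lower()] = verdict.lower()
    return verdicts


def spoofing_indicators(raw_message: str) -> List[str]:
    """Return human-readable findings; an empty list means no indicator fired."""
    msg = email.message_from_string(raw_message)
    findings: List[str] = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From", ""))

    # 1. A known executive's display name on an address that is not theirs.
    real_addr = EXECUTIVES.get(from_name.strip().lower())
    if real_addr and from_addr.lower() != real_addr:
        findings.append(f"display name '{from_name}' belongs to {real_addr}, not {from_addr}")

    # 2. Envelope sender (Return-Path) from a different domain than the visible From.
    rp_domain = domain_of(msg.get("Return-Path", ""))
    if rp_domain and rp_domain != from_domain:
        findings.append(f"Return-Path domain {rp_domain} differs from From domain {from_domain}")

    # 3. Reply-To steering answers to another domain.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 4. Our own domain in From that did not pass DMARC at our gateway.
    dmarc = auth_results(msg).get("dmarc", "missing")
    if from_domain == OUR_DOMAIN and dmarc != "pass":
        findings.append(f"From claims {OUR_DOMAIN} but dmarc={dmarc}")
    return findings


# Constructed sample 1: forged "welcome back" mail that fails DMARC and diverts replies.
SPOOFED = """\
Return-Path: <bounce@mailer-host.invalid>
Authentication-Results: mx.example-university.edu; spf=fail smtp.mailfrom=mailer-host.invalid; dkim=none; dmarc=fail header.from=example-university.edu
From: Jane Doe <jane.doe@example-university.edu>
Reply-To: Jane Doe <jane.doe.cio@freemail.invalid>
To: staff@example-university.edu
Subject: Welcome back to campus - updated precautions

Please review the return-to-office guidance at the link below.
"""

# Constructed sample 2: the attacker's own domain passes DMARC, but the display name is borrowed.
IMPERSONATED_NAME = """\
Authentication-Results: mx.example-university.edu; spf=pass smtp.mailfrom=freemail.invalid; dmarc=pass header.from=freemail.invalid
From: Jane Doe <jane.doe@freemail.invalid>
To: staff@example-university.edu
Subject: Quick favour

Are you at your desk?
"""

# Constructed sample 3: genuine internal mail.
LEGIT = """\
Return-Path: <jane.doe@example-university.edu>
Authentication-Results: mx.example-university.edu; spf=pass smtp.mailfrom=example-university.edu; dkim=pass header.d=example-university.edu; dmarc=pass header.from=example-university.edu
From: Jane Doe <jane.doe@example-university.edu>
To: staff@example-university.edu
Subject: Agenda for Monday

See you at 9.
"""

if __name__ == "__main__":
    for label, sample in [("spoofed", SPOOFED), ("impersonated name", IMPERSONATED_NAME), ("legit", LEGIT)]:
        print(label, spoofing_indicators(sample))
```

The second sample is the case an authentication check alone misses: SPF and DMARC pass because the attacker controls the sending domain, so only the roster comparison of display name against real address catches it. The Authentication-Results header is trusted here only because it is assumed to be written by the institution’s own gateway; a production filter must strip any copy of that header that arrives from outside.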

More advanced measures that users can take are:

  • Applying New Tools and Technology: IT teams can use advanced tools like host checking (which checks the endpoint’s security posture before authorizing access) to reinforce remote work security.
  • Intelligence Techniques: Businesses must encourage proactive cyber threat intelligence to identify indicators of compromise (IOCs) and address them.
  • Risk Management: Organizations can apply GRC (governance, risk, and compliance) solutions to improve risk management. GRC solutions offer a detailed view of the organization’s risk exposure and help link various risk disciplines (cybersecurity, business continuity, and operational risks).
  • Prepare for Attacks: In today’s high-risk times, businesses must carry out frequent cyber crisis simulation exercises and prepare their response to a phishing attack.
  • Zero Trust Infrastructure: CIOs and CISOs must consider implementing the zero-trust framework for cybersecurity. It is a security model where only authorized and authenticated devices and users get access to applications and data.

The COVID-19 pandemic taught people that preparation is critical to limit the risks linked to cyberattacks. Malicious actors have been clever in changing their tactics to adapt to changing situations and executing sophisticated phishing attacks. The ability of a user to quickly react to unforeseen events helps lower the impact of a cyberattack. Today, organizations that benefit from secure remote work capabilities are better prepared to face the growing risk of phishing attacks. Consequently, businesses fearing risks must quickly assess their exposure to phishing attacks and prioritize initiatives to address cybersecurity gaps.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

References

  1. Al-Qahtani, A. F., & Cresci, S. (2022). The COVID-19 scamdemic: A survey of phishing attacks and their countermeasures during COVID-19. IET Information Security, 16(5), 324–345. doi:10.1049/ise2.12073
  2. Damcova, K. (2022, May 6). Phishing attack trends to beware of in 2022. Retrieved January 4, 2023, from IQ in IT website: https://iqinit.uk/news/phishing-attack-trends-to-beware-of-in-2022/
  3. Nabe, C. (n.d.). Impact of COVID-19 on cybersecurity. Retrieved January 4, 2023, from Deloitte Switzerland website: https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html
  4. Ideal Integrations (2022, March 14). New phishing techniques to watch for in 2022. Retrieved January 4, 2023, from Ideal Integrations® website: https://www.idealintegrations.net/beware-these-new-phishing-techniques/
  5. McCurdy, R. (2022, November 8). The Biggest Phishing Breaches of 2022 and how to avoid them for 2023. Retrieved January 4, 2023, from Security Boulevard website: https://securityboulevard.com/2022/11/the-biggest-phishing-breaches-of-2022-and-how-to-avoid-them-for-2023/
  6. Over 255m phishing attacks in 2022 so far. (2022, October 26). Retrieved January 4, 2023, from Security Magazine website: https://www.securitymagazine.com/articles/98536-over-255m-phishing-attacks-in-2022-so-far
  7. Page, C. (2021, June 1). Hackers are targeting employees returning to the post-COVID office. TechCrunch. Retrieved from https://techcrunch.com/2021/06/01/hackers-phishing-post-covid-office/
  8. (2022, September 28). Webinar wrap-up: Cyber security in a post-COVID world: New challenges & opportunities. Retrieved January 4, 2023, from Simplilearn.com website: https://www.simplilearn.com/cyber-security-challenges-and-opportunities-post-covid-article


Brad Hudson

VP of Cyber Security | vCISO - CISSP, CCSP, CCNP, MCSA, MCITP:EA,SA

Unlocking the Benefits of Cloud Migration in Higher Education

Cloud migration modernizes an organization’s data, applications, and infrastructure from on-premises systems to the cloud. The initial process can be complex and time-consuming. Still, it can bring significant long-term benefits to universities and other educational institutions that allow them to focus on their core aims of providing quality education. One of the main benefits of cloud migration for universities is cost savings. On-premises systems require expensive investments in hardware, software licenses, and expensive skillsets to support the many diverse environments, as well as ongoing patching, maintenance, and support costs. In contrast, cloud-based solutions are typically subscription-based, which means that universities can pay for only the resources they use rather than upfront costs for hardware and software. This can result in significant cost savings for universities, especially those with large and complex IT systems.

Another benefit of cloud migration for universities is increased flexibility and scalability. The majority of CAG (Columbia Advisory Group) higher education customers only need their full compute performance a few weeks a year, while for the rest of the year their hardware runs at less than 20% of its capacity. Cloud-based solutions can be easily scaled up or down on demand to meet these changing needs, which is particularly useful for universities whose performance fluctuations are concentrated around enrollment. Additionally, cloud-based solutions can be accessed from anywhere with an internet connection, which lets students, faculty, and staff reach university resources and collaborate remotely. The COVID-19 pandemic magnified the importance of educational institutions supporting this capability.

Cloud migration can also improve the security and reliability of IT systems for universities. Cloud providers have robust security measures in place, such as multi-factor authentication and data encryption, which can help to protect against cyber threats and data breaches. In addition, cloud-based systems can be more reliable than on-premises systems, as they are typically backed by redundant infrastructure and 24/7 support and can also scale to full parity, depending on the criticality of the replicated system.

Finally, cloud migration can enable universities to take advantage of the latest technologies, such as artificial intelligence and machine learning. These technologies can improve a range of educational and research activities, from grading assignments and analyzing student data to conducting research and developing modern technologies.

In conclusion, cloud migration is an important consideration for universities looking to improve the efficiency, cost-effectiveness, and flexibility of their IT systems. By moving to the cloud, universities can realize significant benefits, including cost savings, increased scalability, improved security and reliability, and access to the latest technologies. With tailored support from Columbia Advisory’s cloud experts, universities can ensure that their transition is smooth and secure. By leveraging the latest cloud technology, universities can equip themselves for a digital future and unlock all the benefits that come with it.


Ernest Bricker

Director of Infrastructure Practice, Columbia Advisory Group