Educating users about how cyber security issues such as ransomware and distributed denial of service (DDoS) attacks can happen is key to reducing incidents, according to Frank Wadmore, IT networks and security manager at University of Central Lancashire.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Speaking to the audience at the 2017 Jisc Networkshop45, Wadmore said the number of attacks the University of Central Lancashire had suffered reduced after the IT teams began regularly educating staff and students in how to avoid creating a vulnerability.
“We’ve educated the users, we send lots of information out on a regular basis. We have noted there is a noticeable reduction in the outbreaks,” said Wadmore.
Universities and other educational establishments are some of the most targeted by cyber attacks in the UK.
A week after Central Lancashire began discussing what to do in the event of an attack, it was hit by a zero-day cryptolocking malware attack that took down part of the university’s shared working systems.
At first, the university was not sure how or where it started but worked to disable the university’s 1,500 shared drives, which could be accessed by 2,500 staff, to isolate the source of the ransomware.
After scouring the network to find unusual activity, the university spotted an inconsistency in the behaviour of one of the telecommunications links in a particular campus building, identifying that the malware originated from an infected email attachment that had been opened by a staff member.
Once they found the staff member who had infected the system, they approached her to find out what had happened and most importantly educate her on how to avoid similar computer infections in the future. “She was quite upset at the fact she had caused so much trauma,” added Wadmore.
The staff member who had given the malware access to the system had been expecting a parcel and, as is so often the case, had been using a personal email account to check for updates, where emails may not have been vetted so closely.
Although the person at the source of this attack was upset, people can react in a variety of different ways when approached about security – some told Wadmore’s team, “You frightened us when you came into the office”, and others think they are going to be fired as a result of a breach.
“The first thing we did when we went in to all of the events was explain, ‘We’re from IT security, we’ve found a problem, you’re not in trouble’,” said Wadmore.
This increased the co-operation from users when trying to pin down the course of events, which makes it easier to get the route of a problem and to communicate with and educate users to prevent as many attacks as possible.
Reaching out to users
In the wake of the university’s first attack, the security team began blocking up to 5.5 million emails a month that may cause harm, as well as block particular file extensions from access to protect the 6,000 imaged clients, 700 imaged mobile devices, more than 600 servers and four remote sites from being breached.
But as important as these measures are, educating users also gets results. Wadmore said the security department has performed talks and regularly sends out information to keep users up to date and remind them of the best ways to avoid malware and infection.
The advice given could be as simple as, “If it seems suspicious, delete it or contact the helpdesk and we can advise”, but raising awareness of possible threats has led to a reduction in outbreaks for the university.
“We ask users what they’ve done and we explain to them what they should have been doing,” said Wadmore.
“This education seems to work because we seem to be seeing a drop off, especially if a user has been personally affected.”
Other organisations, such as the government’s National Cyber Security Centre (NCSC), has also focused on educating users to avoid attacks, and has developed a set of seminars designed to educate UK politicians in how to avoid cyber threats.
Some members of Central Lancashire’s university staff claimed to be “frightened” when the cyber-security team showed up in the office, but Wadmore explained the team is “not bothered” by who started the attack as long as they can find out what happened and fix it. “The idea is reduce the impact on the business,” he said.
As the number of high profile cyber-security breaches that appear in the media increases, firms are looking for more cyber-security professionals but are finding it difficult to discover people with the right skills.