
Saturday, March 12, 2022

Something is (still) missing

A program - hosted by UC - was held recently on the subject of cybersecurity. See the report below. Worrying about cybersecurity makes sense, given the current war in Ukraine. However, one thing seems to have been missing, at least from the report: any discussion of last year's Accellion breach.

There is still no word on a subject of interest to the many folks in the UC community whose data were stolen: Will the one year of free Experian "dark web" monitoring that UC provided to victims be renewed? We raised that issue on this blog two months ago* and have heard nothing since. There is also no word on whether a ransom was paid, or whether UC has recovered any money from the company responsible for the breach. The latest word from UCOP is dated July 1, 2021:

https://ucnet.universityofcalifornia.edu/data-security/updates-faq/index.html

If you type "Accellion" into the UCOP search option, you get a notice that says:

Secure Attachment File Encryption (SAFE)

As of August 18, 2021, UCOP has discontinued the use of SAFE (Kiteworks). We now use GoAnywhere for our secure messaging and secure file transfer system.

https://www.ucop.edu/information-technology-services/services/ucop-it-services/accounts-e-mail-and-calendar/safe.html

Presumably, although there is no explicit reference to Accellion, this notice pops up because SAFE ran on Kiteworks (an Accellion product) and the Accellion file transfer system was the source of the breach.

On the cybersecurity program:

'Everyone' must prepare for university cyberattacks, says FBI agent

Emily Bamforth | 3-9-22 | EDSCOOP

“Everyone” should be involved in preparations for cyberattacks, including senior university leaders who lack technical expertise, speakers said during a virtual event Wednesday hosted by the University of California.

Making sure everyone knows areas of responsibility and who to call when there’s a breach — and practicing those responses — can help organizations prevent chaos, said Brett Yeager, a special agent in the FBI’s Cyber Division. Figuring out who to contact beforehand and running tabletop exercises can help universities respond to incidents more effectively because cybersecurity staff won’t have to wait for approval before taking action, he said.

“They’re not getting bogged down with a bunch of queries and questions to provide those updates,” Yeager said during the event.

Colleges and universities, which manage federal research data in addition to the personal and financial information of students and staff, continue to face a barrage of ransomware and other cyberattacks, which often disrupt operations.

Part of smoothing the response process involves determining an institution’s risk tolerance, which requires input from many offices and departments, said Kim Milford, executive director of the Research and Education Networks Information Sharing and Analysis Center. For example, chief financial officers should be involved in whether universities pay ransoms, she said.

“​​That has to be a tabletop at a very high level to get those decisions in place so that you have your policy and your procedures lined up,” Milford said. “You don’t want to be doing that in the middle of an incident — you want to have it in advance of the incident so that you can concentrate on managing the incident and not being a victim of the incident.”

In the FBI’s work with universities and colleges, Yeager said he’s noticed that institutions benefit from reaching out to peer institutions and law enforcement as part of their incident response planning. Those schools tend to have a better handle on where their data is stored and their plans to protect it against university cyberattacks, he said.

“They’re doing a very loud incident response [and are] not able to kind of methodically work their way through it,” he said of institutions that haven’t adequately prepared. “Also what I fear the most is a lot of times, they’re not in a position to really understand ‘how did this adversary get into the system in the first place, and how was the adversary able to move through the system?’ They just try to clean it up, patch it and move on.”

Conducting routine risk assessments can help inform university leaders as they develop risk-tolerance and response plans, University of California Chief Operating Officer Rachael Nava said during the event. She said universities need “comprehensive conversations” across their organizations about response and about how to spend a limited cybersecurity budget to shore up operations.

“Your IT professionals can help you quantify the risks that you’re facing, but then it’s up to the leaders and the business leaders then to weigh up what do those metrics mean,” she said.

Source: https://edscoop.com/university-cyberattacks-fbi-response/.

===

*http://uclafacultyassociation.blogspot.com/2022/01/remember-breach-its-getting-to-be-time.html.
