Cyber thieves are no longer extorting money only from the big dogs; they have worked their way down the food chain, even hitting individuals for ransom. How do they do it? They have automated tools that look for vulnerabilities and target businesses or organizations that have an open architecture. Universities are an easy target because of their high student turnover and their desire to allow a lot of information sharing. Many folks in academia are very focused on research, with little time for complicated cyber security protocols. The IT and cyber security team is an afterthought.
In June 2020, BBC News reported that $1.14 million was extorted from the University of California, San Francisco by cyber criminals using ransomware. The initial demand was for $3.0 million in Bitcoin to unlock the encryption of their data. After a series of negotiations the University eventually paid $1.4 million and got access to their data. Full story here: https://www.bbc.com/news/technology-53214783 That does not mean that the cyber criminals have been permanently excluded from their system. Nor does it mean that all or part of their data won’t be sold to other cyber criminals. Once you have been compromised, it is critical that IT identify all of the ways those criminals got into your system, then plug those holes ASAP.
A common vulnerability is open RDP: IT staff or, more often, contractors who have Remote Desktop Protocol (RDP) access. Should one of those folks get hacked, every device that they have access to is now vulnerable. Access should be terminated as soon as the need to access that machine is over. Also have clear procedures to remove RDP access from employees and contractors who leave your organization.
Another tool is to set your firewall to prevent access from foreign IP addresses, provided you have no need to allow access from outside your home country. Because hackers will often route an attack through multiple, ever-changing IP addresses, some firewalls can stop access when the IP addresses represent impossible travel. If the IP address at the start of the access attempt is in Toronto, Canada, and a few minutes later the attempt is coming from a Mexico City, Mexico IP address, that is an impossible distance to travel in a few minutes, and the software can be set to block it.
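The impossible travel check described above can be sketched as follows. This is an added example, not code from any firewall product; the 900 km/h speed limit, the 50 km tolerance for simultaneous logins, the user names and the sample events are all assumptions constructed for illustration, and the coordinates stand in for a GeoIP lookup.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed threshold, roughly airliner cruising speed

# Constructed sample logins: (user, ISO timestamp, source IP, latitude, longitude).
# IPs come from documentation ranges; coordinates stand in for a GeoIP lookup.
EVENTS = [
    ("alice", "2020-06-01T09:00:00", "203.0.113.10", 43.65, -79.38),  # Toronto
    ("alice", "2020-06-01T09:05:00", "198.51.100.7", 19.43, -99.13),  # Mexico City
    ("bob",   "2020-06-01T09:00:00", "203.0.113.20", 43.65, -79.38),  # Toronto
    ("bob",   "2020-06-01T15:00:00", "192.0.2.44",   45.50, -73.57),  # Montreal
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Flag consecutive logins by one user that imply a speed above max_kmh."""
    alerts, last = [], {}  # last: user -> (time, ip, lat, lon)
    for user, ts, ip, lat, lon in sorted(events, key=lambda e: e[1]):
        now = datetime.fromisoformat(ts)
        if user in last:
            prev_t, prev_ip, plat, plon = last[user]
            km = haversine_km(plat, plon, lat, lon)
            hours = (now - prev_t).total_seconds() / 3600
            # Simultaneous logins: only flag if clearly different places (assumed 50 km).
            speed = km / hours if hours > 0 else (math.inf if km > 50 else 0.0)
            if speed > max_kmh:
                alerts.append({"user": user, "from_ip": prev_ip, "to_ip": ip,
                               "km": round(km), "minutes": round(hours * 60)})
        last[user] = (now, ip, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print("BLOCK", alert)
```

GeoIP locations are approximate, and a user who switches onto a VPN or a corporate egress point can look like impossible travel, so alerts of this kind are usually reviewed or paired with a second factor before an account is locked out.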
Even web-based SaaS software such as Salesforce can be compromised. Having good security protocols in place will create a high wall for cyber criminals to climb. On the off chance this is a concern in your business, it may be worth a quick conversation.