TechTronBlog.com

Technology, Innovation, Collaboration
University CISOs say zero trust is the best defense against the existential threat of phishing

August 21, 2020

Stanford has replaced logins and passwords with a digital key to improve endpoint security.

Proofpoint held a roundtable of chief information security officers, hosted by Ryan Witt, cybersecurity strategy director, education, Proofpoint (upper left), that included Helen Patton of The Ohio State University, Erik Decker of University of Chicago Medicine, and Michael Duff of Stanford University.

Image: TechRepublic

CISOs at Stanford University, the University of Chicago Medicine, and The Ohio State University list phishing as the top security threat to students, professors, and researchers. The group also agreed zero trust is the best security approach but a hard sell in an academic setting.

Chief information security officers from these schools talked with Ryan Witt, the cybersecurity strategy leader at Proofpoint, during a webinar about how COVID-19 is changing their work and how they are securing university networks and data.

Phishing is a top concern, as is how to educate students about security best practices on platforms that are new to them.

The security team at Stanford University also runs phishing campaigns among university employees twice a month, Michael Duff, the CISO and chief privacy officer at Stanford University, said during the webinar.

“We recognize phishing as the single greatest threat to our privacy and security,” he said.

In early March, scammers sent a coronavirus information email pretending to be from the university’s Health Alerts system, one of several pandemic campaigns highlighted in the school’s collection of real phishing emails.

In March, Stanford launched Cardinal Key to replace logins and passwords. A user has a digital certificate for each device that connects to the university networks. Computers have to be running BigFix or VLRE and mobile devices must be managed by Mobile Device Management to use the digital certificates. Cardinal Key does not support Linux machines or Android phones.

“This gives us a mechanism to ensure user devices are secure no matter where they are,” Duff said.

Duff also said that he relies on automated enforcement of security rules more than user education and awareness efforts.

Helen Patton, the CISO at The Ohio State University, said that the challenge is that college students are sophisticated users of a few platforms, not of technology overall.

“They’re not secure in the way they handle new technologies at school so we have to teach them how to be secure with the tech that we’re offering,” she said.

Patton said that her team also phishes students on a regular basis with the goal of building awareness. 

Erik Decker, chief security and privacy officer at University of Chicago Medicine, said everyone’s increased online presence on social media platforms and videos makes spearphishing even easier.

“It’s very easy for people who want to do a targeted attack to find the right people,” he said.

Universities have been a popular target of hackers over the last few years. In May, Blackbaud, the world’s largest provider of education administration, fundraising, and financial management software, was held to ransom by hackers and paid an undisclosed ransom to cyber-criminals. 

During the Q&A part of the webinar, an audience member asked the panel which nation-state they were most worried about defending against. They all declined to answer.

Selling a zero trust approach to security 

In addition to moving to digital certificates for authentication, Stanford’s information security team is also testing out a zero trust model of security. Decker of University of Chicago Medicine said that this approach should be the new mindset and mission for security teams, particularly in this time of remote work as the norm.

“Wherever we are going to be working, we assume that the environment is dirty but we still have to work,” he said.

Patton said that this “trust no one” approach is antithetical to how universities operate, making it a tough sell to researchers and professors who prioritize openness, sharing, and collaboration.

“COVID made the imperative more clear, but didn’t make the pathway to get there any easier,” she said.

Patton also discussed how the lifecycle of research itself–brainstorming, focused research, patent applications, peer-reviewed papers, and conference presentations–requires changing levels of security. 

“I have to align it with academic freedom and the innate need in the research space to share information with people, even if we don’t fully know who they are,” she said.

For returning students and professors, the CISOs recommended basic security best practices such as automating updates and using unique passwords across multiple platforms. 

Patton suggested that professors slow down and think about what kinds of data they are sharing online, instead of just moving the in-person approach to a digital setting.

Duff said that he has improved endpoint protection and is refocusing security strategy on collaboration platforms like video conferencing.

Decker said he is reviewing his cloud strategy and thinking about how to prepare for a potential surge in COVID-19 in the winter and how to adjust operations accordingly.






