IT upgrades bolster university’s defenses against cybercriminals
As part of an ongoing effort to improve cybersecurity, Rockefeller’s Information Security team conducts numerous tests of its systems. It also tests users. In a recent exercise in which members of the community received simulated phishing emails (fraudulent communications used to persuade people to share personal data), 26 percent of Rockefeller email users clicked on malicious links and 12 percent gave away their Rockefeller usernames and passwords. These results suggested that the tactics used by fraudsters are now sophisticated enough to succeed even in a community of well-educated, tech-savvy users like ours.
“Malicious emails are getting more aggressive and harder to spot,” says Marty Leidner, Rockefeller’s chief information security officer, who has been at Rockefeller since 2004. “Meanwhile, the stakes are also higher for our network, our intellectual property, and each employee’s personal data.”
Like those of other institutions, as well as companies and governmental organizations, Rockefeller’s scientific and business data assets are under constant attack. In the last month alone, Rockefeller’s cybersecurity program intercepted more than 1.6 billion attacks. There were 262,000 blocked visits to malicious websites, 353,000 malicious, suspicious, or phishing emails, and 15,000 blocked virus infections, among numerous other smaller attacks.
Hackers are often looking to steal personal employee or scientific information, or gain access to financial systems. They try to compromise individual systems for the purpose of launching further attacks. And they are increasingly looking to install ransomware—encrypting data that they then offer to decrypt for a fee, as well as potentially stealing, disclosing, or selling that data.
In response, Rockefeller has mounted a multipronged defense.
For their part, Leidner and his colleagues have made significant upgrades in the past year to bolster the university’s frontline cybersecurity defense systems. Two new distributed denial-of-service (“DDoS”) appliances have been installed to help manage the flow of data that enters the university’s network. The hardware filters individual data packets to sort those that are legitimate from those used to flood systems with junk data. (Junk data is used to overwhelm network connections and cut off access in a so-called denial-of-service attack, similar to clogging up a highway with too much traffic.)
In addition, IT has upgraded its antiquated firewall systems with faster and smarter versions that can filter more data. They also updated the university’s web filtering software, which blocks malicious websites. The new system is able to check individual websites in real time and gives users the self-service option to request unblocking if they feel a mistake has been made. Finally, the security team implemented a new state-of-the-art intrusion protection and prevention system that provides insight into attack patterns. They can then use this intelligence along with other tools such as machine learning to help prevent cyber-attacks from recurring. Together, these highly redundant systems allow the team to integrate new intelligence and quickly deploy countermeasures.
“All in all, these upgrades encompass the biggest network infrastructure upgrade we’ve made in a decade,” says Leidner. “But although these backend updates make it substantially harder for external attackers to break into campus assets, cyber criminals are increasingly targeting our campus community via phishing and social engineering attacks.”
Common tactics include impersonating IT, HR, or finance personnel, as well as other university colleagues, in an attempt to gain access to confidential information and login credentials.
“It is critical for Rockefeller community members to increase their awareness of these attacks,” says Leidner. “Our users are the last line of defense against cyber criminals who engineer these attacks, and they serve as a valuable source of intelligence to the information security team by alerting us to phishing and malware attacks.”
For this reason, Leidner says the most recent initiative may be one of the most important: A cybersecurity user education campaign begun in October 2021, in which all employees and trainees must complete an annual online cybersecurity training course. The twenty-minute online course focuses on reinforcing best practices to defeat social engineering.
Community members are also encouraged to incorporate best practices into their daily workflow: utilizing the university’s virtual private network (VPN) when working off-campus; installing up-to-date antivirus and anti-malware software; updating software regularly; deleting programs that aren’t needed; and ensuring that data is properly backed up. (Backup solutions include a desktop backup service, such as the university-supported “Crashplan” service; one of Rockefeller’s IT-managed and supported data storage systems; or the university’s Dropbox service for file storage.) Users should also pay attention to the recently deployed tags that identify external email, which make it easier to discern fake emails sent by outsiders posing as Rockefeller staff.