The organiser of Zero Day Con is advising third-level institutions to urgently review their cybersecurity protocols, in the wake of a ransomware incident at one Irish university. It follows a message from Minister for Higher Education Simon Harris, who reiterated the support being offered by the authorities to MTU, where classes resumed yesterday.
Raluca Saceanu is CEO of Smarttech247, which powers major cybersecurity conference Zero Day Con. Ahead of the return of the Dublin event, Raluca said “the disruption caused to students and staff at Munster Technological University is a nightmare scenario for any organisation.
Finding yourself at the centre of an attack by ruthless bad actors can have a devastating effect on your business, so without a doubt, prevention is better than cure. While investigations into how this incident unfolded are continuing, we strongly advise third-level institutions all over the country to act now and review the measures they have in place that could be key to stopping something similar happening to them”.
Raluca has outlined these eight golden rules for an organisation’s protection, which she says must be prioritised in any review:
— Network Security: Implement firewalls, intrusion detection systems, and secure routers to prevent unauthorised access to the university’s network.
— 24/7 Monitoring: Implement event monitoring capabilities to ensure that should an intrusion occur, a security team can act fast and respond to the incident accordingly.
— Data Encryption: Ensure that sensitive data such as student records, research data, and financial information is encrypted both in transit and at rest.
— User Access Management: Implement strong authentication methods such as two-factor authentication and regularly monitor user access to sensitive systems and data.
— Software Security: Keep software systems and applications up-to-date with the latest security patches and upgrades. Implement anti-virus and anti-malware software to prevent malicious attacks.
— Incident Response Planning: Develop and implement an incident response plan that outlines the steps to be taken in the event of a security breach. This should include procedures for detecting, containing, and mitigating the impact of a security incident.
— Employee Awareness Training: Provide regular training to employees on security best practices, including how to detect and prevent phishing attacks, how to protect confidential information, and how to report suspicious activity.
— Regular Security Audits: Conduct regular security audits to identify and address vulnerabilities in systems and processes.
Experts are constantly detecting new and evolving threats from hackers and malware engineers, but Raluca says the golden rules offer basic protection: “Despite the rapid advancements in cyber warfare, these practices still do a lot of the heavy lifting when it comes to thwarting attacks and are always what we recommend as your first line of defence. What’s vital to remember is maintaining these and ensuring you implement regular reviews of all aspects of your cybersecurity protocol”.
Raluca will be among the experts addressing ransomware, navigating emerging political tensions and mitigating the threat from within at Zero Day Con next month. The speaker list also includes representatives from the FBI, NCIS, Ireland’s Data Protection Commission, Aryzta and other high-profile organisations. Tickets and further event information are now available via zerodaycon.com.