Director of security, Henry Hughes, warns:
“Education and research are likely targets, alongside other sectors, and reporting indicates that the chances of Russian state-sponsored action, including via social engineering, have increased significantly.
“Ensuring that fundamental protections are in place and are functioning correctly is the most important priority. This applies in normal circumstances but is now critical.
“Most colleges and universities should have already implemented the security measures described below and in the National Cyber Security Centre’s (NCSC) advice. Any that have not done so should take immediate action.
“Jisc will, as always, support members with technical advice where required, but it’s up to individual organisations to determine and fix their security weaknesses.
“Perfect security is an impossibility, but the strongest security posture is dependent upon a strategic approach. Senior leaders should be taking responsibility for the policies, processes and governance that foster a robust security culture across their organisation.”
Jisc’s computer security incident response team (CSIRT) is monitoring the situation, including known Russian groups.
The security protection check list includes:
- Ensuring critical assets are patched and up to date, and that appropriate compensating controls are in place where they are not
- Review account management practices, and ensure that only those who need it have admin rights to services
- Ensure antivirus protections on both servers and workstations are up to date and are being monitored
- Review firewall rules and remove/disable any redundant rules that could allow a threat actor access
- Make sure backups and recovery processes are following the backup 3-2-1 methodologies and have been tested
- Ensure all critical services are being monitored
- Update the incident response plan and test it, to ensure the organisation is prepared in the event of a security incident
- Revisit phishing awareness training, as this is a common threat route for most advanced persistent threat (APT) groups
Colleges and universities that are impacted by attacks and need assistance or wish to share information about an incident, should contact Jisc CSIRT at email@example.com or call 0300 999 2340.