Earlier we reported about a series of data attacks against universities that were sweeping the country. These malicious incursions focused on extracting very private information such as Social Security numbers for students, alumni and personnel associated with the university.
Among the most damaging of these attacks took place against the University of Maryland, which saw data for more than 309,000 university people compromised, The Baltimore Sun reported.
Knowledge of the breach understandably led to a swift administrative response, and a look into the possible enterprise security vulnerability that could have enabled the attack.
When large-scale incidents like these happen, they do not go away quickly. Whether it is a major corporation like Target or an educational institution, the breached enterprise can usually expect a significant degree of public scrutiny and the incursion of recuperative costs.
And so, in addition to the projected millions of dollars that the university is spending in recovering from the attack, University of Maryland president Wallace Loh was also invited to testify before the Senate Commerce Committee last week, according to Senate records.
In his testimony, he admitted the university was unprepared for the attack — and that a security weaknesses had made it vulnerable.
An Entry Point in the University’s Physical IT Infrastructure
Loh admitted to the Committee that “because we’ve never been hacked before, we were just flying by the seat of our pants” after the attack.
Fortunately for the university, it avoided significant public backlash by notifying the affected parties immediately after the breach happened. This forthrightness has gone a long way toward recovering the university’s reputation in the wake of the attack.
But Loh said that the breach started because of an internal IT system with poor authentication management. By uploading malware into the university network, the hackers were able to breach several IT administrative passwords that were in place and gain access to the internal system, which contained the private data.
For Loh and the university’s IT team, the attack meant that something had to change.
For the University, Moving to the Cloud was the Answer
In a piece for OnlineTech, data researcher Jason Yaeger pointed out that cloud security can render the cloud a very safe place to store information and conduct business. According to Yaeger an individual or organization’s cloud presence must be guarded by strong authentication measures to remain inaccessible to malicious parties.
Because of the opportunity it offered for safer computing, Maryland’s administration decided to move most of its IT functions to the cloud, and therefore boost its security infrastructure.
However, once in the cloud, the university must take the proper safeguarding measures to make sure their information does not slip out of their hands again. For all organizations, strong authentication is absolutely integral to ensure safe computing in the cloud.
“We have to find that proper balance between security and access, and that is the challenge for all universities,” Loh told the committee, according to The Diamondback. And while this is a challenge, the cloud can make it easier to solve.