York University in Toronto suffered what is being called a very serious cyber-attack last week, affecting a number of servers and workstations. The IT department quickly took the school’s network offline, which it says limited the severity of the attack, but students and others are still asking for more answers. York’s student union says that no one was directly informed about the attack and that the school instead relied on social media and statements posted on its website. Security analyst Claudiu Popa said the language being used should be a cause for concern for faculty and students. Popa stated, “We can surmise that anything that spreads on servers and workstations is likely to not just be something that replicates quickly but is something that is looking to do some damage.” He added that York needs to tell its students and staff what to look for so they can better protect themselves.
Companies and educational institutions should create and regularly update an incident response plan that guides actions in the event of an attack against their computer systems. The plan should include continuous monitoring of workstations and servers so that an attack is detected in its early stages, along with a procedure for containing the damage once an attack is detected. A response plan must also specify how customers or students will be notified if their personal information is compromised, so that they can take steps to protect themselves. Students and staff should be aware that phishing attempts may increase after an incident like this, and they should be cautious with emails and other content from unknown senders.

As for the university, if it did not already have a defense-in-depth strategy in place, it should consider one. Defense-in-depth means layering controls so that no single failure lets an attacker through: email filtering, keeping software up to date with security patches, network monitoring, and pairing anti-virus software with Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR) tools that quickly detect attacks which get past the other defenses. The Binary Defense Security Operations Center (SOC) provides managed security services that monitor endpoints for intrusions and suspicious activity around the clock and stop intrusions quickly.
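The monitoring the paragraph above calls for has to be concrete to be useful. Popa's description of something that "spreads on servers and workstations" points at one of the simplest high-value detections: a single host authenticating to an unusually large number of other hosts in a short window (fan-out), which is what worm-like lateral movement looks like in authentication logs. The script below is an added example written for this page, not Binary Defense tooling or anything York runs. The log format, the host names, the timestamps, the five-minute window and the threshold of five distinct destinations are all constructed assumptions; a real deployment would read Windows 4624/4648 events or SSH auth logs and tune the threshold to the environment's baseline.

```python
"""Fan-out detector over constructed authentication log lines (added example).

Flags any source host that successfully authenticates to at least
THRESHOLD distinct destination hosts within WINDOW. Normal admin or user
activity touches a few hosts over hours; a self-propagating payload
touches many hosts in minutes.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one event per line, ISO timestamp then key=value pairs.
# ws-17 sweeps six hosts in under three minutes (the behaviour we want to catch);
# ws-03 and ws-09 show ordinary activity spread out over the morning.
SAMPLE_LOG = """\
2020-05-04T09:00:01 src=ws-03 dst=fs-01 event=auth_success
2020-05-04T09:00:30 src=ws-17 dst=fs-01 event=auth_success
2020-05-04T09:00:45 src=ws-17 dst=fs-02 event=auth_success
2020-05-04T09:01:02 src=ws-17 dst=ws-21 event=auth_success
2020-05-04T09:01:10 src=ws-09 dst=fs-01 event=auth_success
2020-05-04T09:01:20 src=ws-17 dst=ws-22 event=auth_failure
2020-05-04T09:01:33 src=ws-17 dst=ws-22 event=auth_success
2020-05-04T09:02:05 src=ws-17 dst=db-01 event=auth_success
2020-05-04T09:02:40 src=ws-17 dst=ws-23 event=auth_success
2020-05-04T09:30:00 src=ws-03 dst=mail-01 event=auth_success
2020-05-04T09:40:00 src=ws-09 dst=fs-02 event=auth_success
2020-05-04T10:10:00 src=ws-09 dst=fs-03 event=auth_success
2020-05-04T10:45:00 src=ws-09 dst=db-01 event=auth_success
2020-05-04T11:20:00 src=ws-09 dst=ws-30 event=auth_success
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
THRESHOLD = 5                    # assumed number of distinct destinations


def parse_log(text):
    """Parse the constructed format into (timestamp, src, dst, event) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append((datetime.fromisoformat(ts_str), fields["src"], fields["dst"], fields["event"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_fanout(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per source host whose distinct successful destinations
    within `window` reach `threshold`. Failed logons are ignored here; a
    separate rule for repeated failures (password spraying) would watch those."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, dst) inside the window
    flagged = set()
    alerts = []
    for ts, src, dst, event in events:
        if event != "auth_success":
            continue
        q = recent[src]
        q.append((ts, dst))
        # Evict entries that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        targets = {d for _, d in q}
        if len(targets) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append({
                "src": src,
                "first_seen": q[0][0],
                "triggered_at": ts,
                "targets": sorted(targets),
            })
    return alerts


def run_sample():
    """Run the detector over the constructed log and return its alerts."""
    return detect_fanout(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        span = (alert["triggered_at"] - alert["first_seen"]).total_seconds()
        print(f"ALERT {alert['src']} reached {len(alert['targets'])} hosts in {span:.0f}s: "
              f"{', '.join(alert['targets'])}")
```

On the constructed log only ws-17 is flagged: it reaches its fifth distinct host (db-01) 95 seconds after its first, while ws-09 touches five hosts too but over more than two hours, so the window never holds enough of them at once. The point of keeping the window and threshold as parameters is that the same rule serves both the early-detection and the containment steps of the plan above: a low threshold on a short window pages the SOC, and the alert's target list is the starting scope for isolating affected hosts.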