Use Case for Research Security in Educational Institutions

Colleges and universities are increasingly under attack from state-sponsored and independent hackers. From ransomware to espionage, universities are massive targets for all kinds of bad actors. Researchers have their work stolen, university administrations are locked out of files—anything you think a hacker might be interested in at a “regular company” is there at a university too.

The challenge is that higher education is often blind to the need for communication and research security. However, expensive R&D projects and millions of dollars in tuition, fees, and donations make it just like any big company. Communication security policies must be in place to prevent or mitigate when a hack eventually happens. SKY ECC gives universities an absolutely secure platform for communicating with colleagues across the lab, across campus, or across the world.

Why communications security goes hand-in-hand with research security

It may not make the news like a celebrity hack, but thousands of researchers and universities are hacked every year. All your hard work can be leaked and exploited by other people. Examples include:

  • Russian attackers stealing from 373 universities around the world in what many consider to be state-sponsored espionage.
  • Chinese hackers focusing on the maritime research of 27 universities.
  • Hackers in Iran targeting unpublished research with valuable intellectual property. 

All these attacks occurred in late 2018 and 2019. In 2018 alone we saw over 7998 researchers in 320+ universities hacked. That’s a lot of research stolen. A lot of commercial opportunities, papers, and patents put in jeopardy all over poor research security.

The hacks above were committed by state-sponsored actors. There is no doubt these attackers were trying to steal state secrets, disrupt workflows, cause stoppages, steal intellectual property, and possibly damage the reputations of researchers or institutions.

The universities themselves have a fair amount of work to do to better secure themselves, and this includes research security tactics for the communications of those doing the work. However, there are real, concrete steps universities can take to make communications more secure.

Contact SKY ECC today to see how we can help secure your research.

University of Calgary hack

The University of Calgary (UC) was the victim of a ransomware attack in 2016 which cost them $20,000, days of research/work, and disrupted a large-scale event. Not to mention losing access to email and other basic communications tools for a week. Here’s what happened during the 2016 attack:

  • May 28: The day of an 8000+ person event. Spreadsheets with hundreds of names had to be recreated by hand. Organizers lost all their files and work, including being locked out of email to answer questions to contact attendees or vendors.
  • May 28, afternoon: Everyone was asked to stop using any UC computer.
  • May 29: Everyone is forced to use walkie-talkies to communicate during the event.
  • May 30: Posters go up all over campus urging people to not use UC computers.
  • May 31: Still lacking reliable communication, IT sets up new email servers outside of the university. All contacts and calendars are printed off so they are not lost.
  • June 7: Still suffering from the ransomware lock out, UC pays a ransom of $20,000 to get access to research data.

There were losses for the University from their event being impacted, staff losing 10 days of computer access, communications going down, research put on hold, and $20,000 going out of the door. Worse still, the decryption keys the hackers provided after the ransom was paid didn’t unlock all the files.

How SKY ECC secures your communications

All across the University of Calgary there were communications problems during the hack. Everyone used email as their primary communication tool, and suddenly email was gone. School administrators, staff, and students were left in the dark…except for their walkie-talkies.

What’s worse is email was likely how the hackers got access. Ransomware is typically delivered via fraudulent email sent to those with the access the attacker wants (phishing or spear phishing). SKY ECC could have mitigated communications issues by:

  • Those with access to sensitive systems could confirm suspicious emails over an independent—and secure—channel. Fraudulent emails would be sniffed out and deleted and the community warned to watch out for the phishing emails. Administrators know exactly who they are chatting with on SKY ECC because our contact list security ensures all contacts are verified.
  • During the hack, SKY ECC would let administrators discuss plans to mitigate the attack without the hackers getting wind of their plans.
  • Hours would not be lost finding a reliable and secure alternative communication channel. Administrators and department heads could have used SKY ECC, which would not be impacted by the hack, to communicate and make plans right away.
  • SKY ECC contact lists would not have been affected. This would provide a backup for communicating across the organization with those inside and outside who could help.

This particular ransomware has a number of other mitigation strategies, with the Department of Homeland Security listing email security as one. There is no question that SKY ECC can be a tool for research security at educational institutions, and for having a 100% reliable communication platform for all emergencies.

The fallout from the University of Calgary hack

UC was not the only victim of this particular ransomware. Other universities, hospitals, and cities were held ransom costing over $800 million in lost productivity, and nearly $6 million in actual cash paid to ransoms. That’s a lot of money and time to lose over poor communication standards.

Everyone must prepare ahead of time to prevent or mitigate hacks in the future with a robust, secure communication plan for their research security and general institutional security. That plan needs to include a tool like SKY ECC which can be used as a source of truth for how the organization communicates, store some of the most valuable data as a backup to the backups, and keep everyone in touch no matter how bad their network is hacked.

Share this post: