The University of Sunderland, a tertiary institution located in Northeast England, has become just one more victim in an increasing wave of cyberattacks that have been aimed at universities. In recent months, other schools, such as Newcastle University also in England, and Howard University in Washington DC, United States, have suffered similar threats to their cybersecurity.

In the case of the University of Sunderland, the cyberattack rendered students unable to log in for online, remote/distance learning classes and left staff unable to access their email and other data stored on the university network. The school’s online infrastructure was disabled for five days before restoration operations could bring the network back online and accessible to students and staff.

Universities Are New Targets

As the global pandemic changed the way people lived and worked, especially in school situations that put many young people in close proximity of each other, universities, like other organizations, had to change. Remote learning through the Internet had already made in-roads for some universities and certain courses. However, the pandemic accelerated the use and reliance of these systems, causing universities to lean more heavily on their digital infrastructure.

For many cyber-criminals, this presented new opportunities. Rather than corporations or government agencies with years of experience and “hardened” their cyber security against incursion, universities were viewed as easier targets that now relied on their digital infrastructure to work smoothly more than ever.

Ransomware On The Rise Without Cyber Security

One of the most popular forms of cyberattack in the modern day is known as “ransomware.” Rather than for the purposes of mischief or destruction, ransomware is entirely profit-motivated. In these attacks, hackers successfully bypass cyber security and seize control of a network. They then lock out legitimate users so they can no longer access their own data or manipulate the network.

The hackers then offer to restore control of the network back to the facility provided that their release fee is paid. Depending on how crucial the data is and how quickly it needs to be accessed, this can be very lucrative for digital criminals. Organizations may sometimes determine that it will be cheaper and faster to give in to the demands.

Digital Security Is Crucial

With more and more valuable data being stored digitally on networks, it is more important than ever to ensure access to confidential and critical information is properly protected. Modern cybersecurity is about more than just strong passwords, with multi-factor authentication and anti-phishing measures critical to good network security.

For modern digital protection and peace of mind, learn more about Nok Nok’s multifactor authentication technology and passwordless identity and authentication measures.

Nicholas Chaillan worked as a software chief for the United States Air Force and was assigned to the Pentagon to modernize the organization’s digital security in August of 2018. In September of 2021, he resigned from his post and claimed, “We have no competing fighting chance against China in 15 to 20 years. Right now, it’s already a done deal; it’s already over, in my opinion.”

Chaillan’s concerns stem from two major issues. The first and most important is that the United States military does not take the threat to digital security seriously enough and was unwilling to commit the funds that would have been necessary for adequate protection against military-grade digital incursions.

“I am just tired of continuously chasing support and money to do my job,” he said. “My office still has no billet and no funding, this year and the next.”

The other concern Chaillan had was the Pentagon’s reluctance to recognize that the next looming threat in digital security was not conventional attacks like “phishing” to illicitly secure passwords, but instead, the threat comes from next-generation, highly sophisticated digital attacks reliant on artificial intelligence to penetrate systems that still don’t use newer techniques like biometrics.

While not true artificial intelligence in the sense of software that can think autonomously, AI refers to increasingly complex algorithms capable of finding patterns and solving problems. When directed for offensive purposes, AI can be used for digital reconnaissance, such as scanning and compiling social media profiles to construct a digital “alias” of a trusted individual. It can be used to intelligently guess passwords, reducing brute force time by accessing profiles of relevant individuals. For systems not using biometrics, this collects a list of potentially useful keywords, and uses those in alphanumeric combinations for user-ID/password combinations.

Chaillan contends that China is aggressively pursuing AI in a cyber warfare capacity. They are putting in both the money and eliminating any professional or ethical barriers that might slow progress. Conversely, the United States is experiencing difficulties in this same area as expertise from companies like Google is withdrawn on ethical grounds, such as when Google objected to the use of its technology to increase the precision of drone targeting systems.

Digital Warfare Continues To Evolve

As with real-world defensive and offensive measures, digital attack and defense are in a constant state of new measures being developed requiring new countermeasures to repel. With increasingly sophisticated and automated phishing attacks, relying exclusively on 40 year old legacy password security technology is no longer be enough. If you’re still relying on a legacy password security technology and want to upgrade your network to modern identity and authentication security technology, (including the new global standard of key-pair biometrics), look at Nok Nok products for secure, password-free cyber authentication solutions. The largest global financial brands depend on Nok Nok’s modern auth platform for improving and protecting customer trust.

Insurance companies around the USA are now following an alarming trend of increasing premiums on hacking and digital security breach coverage while providing less coverage when these issues occur. When it comes time to renew a policy for digital security, some companies are now facing as much as a 300% increase for budgeting in this contingency. A major reason for the increase is the rising number of successful attacks, forcing insurers to pay out to clients. Throughout the pandemic, as various organizations have moved work and data to local networks and even to cloud-based networks to facilitate data sharing, digital intrusions have increased. Ransomware and similar attacks have plagued many sectors, including construction, healthcare, government, and education that have failed to upgrade to more secure forms of protection like multifactor authentication.

More Measures Required Like Multifactor Authentication

Insurance companies themselves are becoming increasingly stringent when it comes to even considering giving coverage to a company for digital security. For example, many insurance companies won’t approve an application from a company that doesn’t use MFA, or multifactor authentication, a verification system that relies on more than just a person using only a single password to gain access to a network. Single password systems are incredibly vulnerable and far more prone to a successful intrusion than networks using MFA protocols.

Insurance companies are now also using their own scanning and digital reconnaissance technologies to “audit” the networks of potential clients and see how vulnerable they are. This has played a role in how insurers determine the monthly rates for the premiums a company must pay if they are serious about getting insured against cyber attacks.

Cyber Attacks Are Real And On The Rise

The days when only large companies or government agencies had to worry about hacking or other forms of digital intrusion are over. As more and more businesses of every size—and even private citizens—move more of their crucial data into the digital space, it becomes more lucrative for criminals.

Identity theft, where other individuals use personal identity details like credit cards and social insurance numbers, is rising. Ransomware, where network access and other critical functions are taken over and locked out until money is paid, is also hitting more companies. Network security is a real concern for any person or organization collecting and storing important, sensitive, or confidential data digitally. Legacy security systems based on single-passwords and personal information (knowledge-based access) is proving to be insufficient to protect against modern digital threats that are increasingly more sophisticated and automated. If you’re interested in upgrading your legacy security systems to modern FIDO-based multifactor authentication, Nok Nok has a variety of platform solutions and is trusted by the biggest financial institutions for protecting their customer’s identity and authentication.

The world is now experiencing a time of conflict unlike anything seen in years, but because this is a modern-day, 21st-century clash, the war is not just being fought on a physical battlefield but also a digital one. As the invasion of Ukraine began official state hackers from both Russia and the West engaged in digital warfare, as did independent organizations such as “Anonymous,” a rogue hacking collective that has decided to stand against Russian cyber warfare.

Unfortunately, the worlds of military, corporate and civilian government data spaces are now considered fair game for state-level cyberattacks, funded and driven by government agencies. Now some companies are taking a stand.

Google Intervenes

Google, one of the premier technology companies globally for data management and analytics, is now providing security keys to groups and individuals to help protect them against cyberattack activity. They are distributing 10000 Titan security keys to individuals like journalists, whistleblowers, government officials, and others with sensitive or confidential data to encrypt and protect systems against intrusion and spying.

A Titan security key is an added level of encryption and access control. It is two devices, one a USB card shaped like a key, a Bluetooth device that functions similarly for wireless connections. This adds an extra level of multifactor authentication to an account. In addition to inputting a password to access data on, for example, a Gmail account, an account linked to a Titan security key would require the presence of the USB key plugged into the computer or a confirmed connection to the Bluetooth version for verification.

In other words, like with older multifactor authentication, methods that require a one-time code sent to a phone as an added layer of security, a Titan key system means that even if a password has been stolen through phishing or other means, the data can’t be accessed without a Titan security key to open the second “lock” on the data.

Multifactor Authentication Is The Best Defense

What Google and many other technology companies are discouraging is the use of only a single password to gain access to data and control of systems. A single password means that everything from identity theft, spying on confidential data, and outright seizure of control of systems is possible once that password is discovered.

Now that government agencies like Russia’s GRU are going after many systems and data, security is more important than ever.  If you’re still relying on a legacy password security technology and want to upgrade your network to modern identity and authentication security technology, (including the new global standard of key-pair biometrics), look at Nok Nok products for secure, password-free cyber authentication solutions. The largest global financial brands depend on Nok Nok’s modern auth platform for improving and protecting customer trust. 

Cyber attacks do not only target private individuals, but they can also represent increasingly sophisticated and persistent threats to national security. Billions of dollars are spent on legacy security annually, yet data breaches and theft are accelerating. Many institutions and organizations have suffered. That is why it is important to leverage modern security technologies and zero-trust architectures across sectors.

Becoming More Proactive

In its bid to address exposed areas of weakness in US digital infrastructure, the United States Federal Government updated its cyber security strategy.  In January 2022, President Biden signed Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity. With this modern approach to cyber security, the US Federal Government boldly transitions from incremental improvements to legacy perimeter-based defenses – to significant investment in modern “zero-trust” architectures that never trust and always verify “anything and everything attempting to establish system and data access.”

Aiming for Safer Cyber Infrastructure

When multifactor authentication (MFA) was added to legacy knowledge-based-access (KBA) that is based on the storing and passing of passwords and other personal secrets, there was indeed, a measurable reduction in risk to digital systems and data compared to single factor authentication.

However, the attack strategies of bad actors (attack vectors) evolved such that today, these legacy KBA methods, even with MFA, no longer protect against sophisticated phishing attacks that easily fool account owners into providing account credentials to the attackers. Once a legitimate account is taken over (such as the case in the ransomware attack against Colonial Pipeline), it is very hard for any system to detect a bad actor before significant damage is done, data is stolen, or malicious code is embedded that creates security vulnerabilities at a later time (such as the case with the Solarwinds supply chain attack.)

In a very bold move and positive development for the modern identity and authentication industry, our nation’s new cyber security executive order recommends that federal agencies achieve zero trust security goals with strong, FIDO-based MFA by the end of Fiscal Year (FY) 2024, with plans for implementation due within 60 days.

Among other requirements for networks, devices, endpoints plus encryption for data and DNS traffic, the directive includes centralized enterprise-managed identities with phishing-resistant MFA to protect users from sophisticated attacks (including both PIV credentials and FIDO2 Web authentication (known as “WebAuthn”) created by the FIDO Alliance and published by the World Wide Web Consortium (W3C). The directive also includes enterprise-wide identity systems based on zero trust architecture that always verifies users before granting access.

Strong Defense for All

In a push for safer cyberspace infrastructure, the US Federal Government joins the thousands of enterprises that are leaving legacy KBA and perimeter-based security thinking behind in favor of modern and strong MFA identity and authentication.

As the world continues to see a massive proliferation in devices and network connectivity, technological advancements are required to address the growing challenges in fighting cyber threats and risks. Nok Nok Inc in partnership with the global FIDO Alliance they founded, is among those at the forefront of this fight.

The FIDO Alliance is an open industry association that develops and promotes authentication standards. At the same time, it also pushes for safer and more convenient cyber security measures for the end-user. Thus, making it a mission to reduce people’s insecure and over-reliance on legacy password and KBA-based system access. Learn about Nok Nok’s industry-leading FIDO platform for strong user and IoT authentication here.