Why Your Institution's Community is the Greatest Ransomware Threat

    


Cybersecurity experts have long touted that “the traditional perimeter is dead” and have advocated for a zero-trust and identity-centric approach to security. However, if your identities are the most important element of a modern cybersecurity program, it is an unfortunate truth that they are also the biggest threat to your systems. It’s not intentional, but think about it in a physical context: anyone with a key to the building is a potential risk to the building.

Educational institutions are presently the most targeted industry when it comes to ransomware attacks, with phishing and account takeovers being the two largest causes. The average total cost to rectify a ransomware attack in the education sector is $2.73 million, when considering downtime, people time, device cost, network cost, lost opportunity, and ransom paid. Of course, this is in addition to learning disruption and an institution’s inability to serve its students due to the ransomware attack.

The simple solution is to enforce multi-factor authentication on all of your users and lock down all access points. However, that isn’t always a realistic option because of the pushback it can generate over user experience. If you are still relying on a password-only approach to authentication, then it is paramount that you ensure none of your users is actively using a compromised password.

Proactive Ransomware Prevention Plan

This is the point where your users are unintentionally part of the problem. Unfortunately, a large number of end users re-use their institution password across dozens of other sites, platforms, and applications. If a data breach occurs for any of these other entities, your institution is now at risk due to that same password being potentially compromised (just ask the people at Colonial Pipeline Co.).

The good news is that there are two steps to solving this problem, and both can easily be incorporated into your digital identity platform.

The first step is at the point of password creation. For onboarding, it is imperative to leverage a secure account claiming process that requires users to verify their identity to gain access to their accounts. From there, users should be forced to immediately reset their password. Now, the responsibility lies on the technology to not just enforce a complex password policy, but to also ensure that the new password set by the user has not been compromised in a data breach.

The second step is equally critical, but typically overlooked. Your digital identity platform should continuously monitor all of your institution’s identities and compare their credentials to those that have been compromised and are now available for sale on the Dark Web. Just because a password wasn’t compromised when it was created, that doesn’t mean it won’t become compromised in the future! 

So, if an active identity is leveraging credentials that are known to be compromised in a data breach, then the institution (and end user by way of the institution) can be notified and empowered to proactively mitigate the risk of an account takeover through that identity, and ultimately, a ransomware attack. 

Regardless of your approach to remediation, the goal is to proactively prevent account takeovers and ransomware attacks by making sure all of your digital identities are using credentials that are as secure as possible.
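The two steps above, as an added example that is not code from the original post or from RapidIdentity: a password is screened against a breach corpus when it is set, then screened again at login against an updated corpus. The function names, the 12-character minimum, the `force_reset` action and the sample passwords are assumptions made for illustration, as is the choice to re-screen at login.

```python
import hashlib

def sha1_hex(password: str) -> str:
    # SHA-1 is only the lookup key that breach corpora are commonly indexed by;
    # it is not used here for storing passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_index(breached_passwords):
    """Bucket digests by 5-character prefix so a lookup touches one bucket."""
    index = {}
    for pw in breached_passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index

def is_breached(password, index):
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())

def check_new_password(password, index, min_length=12):
    """Step one: screen at creation. Returns the list of policy failures."""
    failures = []
    if len(password) < min_length:
        failures.append("too short")
    if is_breached(password, index):
        failures.append("known breached")
    return failures

def rescreen_at_login(password, index):
    """Step two (assumed design): re-check at each successful login, when the
    plaintext is available again, against the current corpus."""
    return "force_reset" if is_breached(password, index) else "allow"

# Constructed sample data, not real breach contents.
CORPUS_AT_ENROLLMENT = build_index(["qwerty", "Password123!"])
CORPUS_AFTER_NEW_BREACH = build_index(
    ["qwerty", "Password123!", "Maple-Campus-2021"])

if __name__ == "__main__":
    pw = "Maple-Campus-2021"
    print(check_new_password("qwerty", CORPUS_AT_ENROLLMENT))
    print(check_new_password(pw, CORPUS_AT_ENROLLMENT))   # accepted when set
    print(rescreen_at_login(pw, CORPUS_AFTER_NEW_BREACH))  # flagged later
```

The same password passes at enrollment and is flagged once the corpus is refreshed, which is why a one-time check at creation is not sufficient.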

RapidIdentity Compromised Credential Monitoring

RapidIdentity, the digital identity platform in education, continuously monitors all of your institution’s digital identities and compares their credentials to those that are known to have been compromised and available for sale on the Dark Web.

Once an account's credentials become a risk, RapidIdentity notifies your institution by sending an email summary with an attached report listing all active users whose current credentials have been flagged as compromised (not their actual password in cleartext), along with recommended remediation steps.

Even better, RapidIdentity takes it a step further to remove the threat by:

  • immediately ending any active sessions, 
  • auto-enrolling the at-risk account in an MFA policy until the password is reset, 
  • auto-resetting the at-risk account’s password, 
  • or even full-on disabling the account.

Password complexity rules simply aren’t enough, and breaches are continuing to happen every day. Ransomware attacks not only put your users’ digital identity data at risk, but can cause your school to temporarily close and cost millions in taxpayer dollars. Now is the time to ensure your institution is protected with RapidIdentity Compromised Credential Monitoring.

Read the full eBook here to learn more about RapidIdentity for Higher Education.
