While it’s not surprising to see another hacker group breach an organization’s data, the NullCrew’s attack on Yale University shines a spotlight on a potential epidemic in the making. NullCrew boasted:
This release merely had a reason other than to prove that nothing secure. In fact, the governmental and educational sites are the least secure in the experience we’ve had with .edu and .gov websites
The breach included usernames, passwords, and email addresses – a magic combination that could easily enable spearphishing and account hijacking. Making the leap from account details to cloud attacks is nothing new. But, combine this with the wave of higher education institutions moving to the cloud and this attack could only be the beginning of a very troubling trend.
As more and more universities struggle with budgets, they’re turning to the cloud to save money. A 2011 CDW-G study found that higher education was among the top adopters of the cloud – with 34 percent of universities using the cloud. Higher education ranked #2 in overall cloud adoption and #1 by a large margin in Gmail adoption. All of this makes sense given the huge economic benefits in moving to cloud email. But universities don’t just store student information; they also store healthcare data from their bio-medical research and medical schools.
With so much potentially sensitive data headed to the cloud and out of the direct control of institutions, the Yale breach and others like it that include email and password data could be just the beginning of a looming crime wave. Universities can take decisive actions to secure data, for example encrypting their data in the cloud, to prevent these frequent attacks from turning into an epidemic. This would place the university back in control of its data no matter where it’s stored or accessed.
CipherCloud recently teamed with Paul Simmonds, CSA Guidance 3.0 co-editor and former AstraZeneca CISO, to develop Five “Must Haves” for Securely Moving to Gmail or Office 365. This is a great starting point for any organization looking to make the move to cloud email safely (or already using cloud email and looking to protect their organization). You can watch it online.