EdScoop Radio

Detecting and remediating compromised user email accounts

A little over a year ago, Scott Bridges, chief information security officer at Southern Illinois University (SIU), saw an exponential increase in the number of malware and phishing attacks at his institution. With nearly 15,000 full-time students and 1,000 faculty members, the spike in compromised email accounts started consuming a disproportionate amount of his team’s time and resources.

“The issue is very far reaching and it’s happening to most people I talk to in the industry in higher education,” Bridges states in this EdScoop podcast. “Higher education is a microcosm for all the different data types that are possible out there, and bad actors see this [as an opportunity] to target higher education to glean information from one place.”

The spike in phishing attacks led SIU to partner with Proofpoint, a cybersecurity firm that helps protect organizations from advance threats and attacks that target email, mobile apps and social media.

Most IT organizations tend to focus on threats coming from outside their system, says Eric Schwake, group product marketing manager at Proofpoint. In Proofpoint’s discussions with SIU, they discovered a need to pay more attention to internal email flows.

Bridges and Schwake spoke with EdScoop about the risks colleges and universities face from phishing attacks, the challenge confronting SIU and some practical approaches to deterring attackers from exploiting students’ and faculty members’ email accounts.

“The bad guys were harvesting [a student or staff] ID and password, and turn around logging into the email address, and then blasting out from that compromised email address to others,” says Bridges. His team was overwhelmed with hundreds, if not thousands, of attacks.

Once a student or faculty member’s credentials have been stolen, or they have unknowingly downloaded malware onto their machine, it’s just a matter of time before a campus’ systems is compromised.

SIU worked with Proofpoint to deploy a system that monitors email volume and behaviors and identifies the potential spread of malware.

“It is a paradigm shift in a lot of thinking because many organizations don’t do that internal email traffic scanning,” Schwake explains. Higher education is a very transient population so educating the user to exercise caution isn’t always effective. Tools, while not the only solution, certainly help minimize risk.

Read more about how higher education institutions can detect and remediate compromised email accounts.

This podcast was produced by EdScoop and underwritten by Proofpoint.

-In this Story-

cybersecurity, Eric Schwake, IT Modernization in Higher Education, malware, phishing, podcast, Proofpoint, Scott Bridges, SIU, Southern Illinois University, Sponsored Content