It finally happened at Howard University on September 3, 2021. Just two weeks into the fall semester, the Washington, D.C. institution had to suspend classes due to a ransomware attack. The good news was that the breach was contained, and while networks and the Howard website were down, the university’s IT department was in control of the situation.
“We were fortunate to have an internal team and a vendor-driven support system that allowed us to quickly diagnose the situation and determine our next steps for network stabilization,” recalls Howard’s Associate Vice President and CIO, Olga Osaghae. The incident response plan, developed in collaboration with stakeholders across the university before the attack, proved crucial in guiding the team’s actions to recover from the cyber incident.
Universities Need Incident Response Plans
With the increase in cyberattacks and their complexity, colleges and universities have realized the importance of having robust incident response plans. According to Sophos’s “The State of Ransomware Report 2022,” 64% of higher ed IT professionals reported ransomware attacks in 2021. Howard University is just one of the many educational institutions that have had to implement their incident response plans in the face of cyber threats.
Patricia Clay, CIO at Hudson County Community College and co-chair of the Higher Education Information Security Council at EDUCAUSE, emphasizes the importance of having a broad view when responding to an attack. Understanding the nature of the threat is crucial in determining the appropriate response strategy.
At Howard University, once the team identified the attack, they swiftly initiated their incident response plan, disconnecting systems to halt the spread, and analyzing the attack to address vulnerabilities.
Communication and Recovery in Incident Response
Effective communication is key during the early stages of incident response, as emphasized by Clay. Clear and concise communication with stakeholders, including executive leadership and cybersecurity insurance providers, is vital in managing the aftermath of a cyber incident.
Clay also stresses the importance of post-incident communication to avoid confusion and provide relevant information to those affected. Additionally, a thorough after-action report should be prepared to assess the response and identify areas for improvement.
Looking ahead, Howard University has revamped its incident response training and exercises to ensure the involvement of legal, communication, and other university groups in the response process. The IT department continues to implement high cybersecurity standards to safeguard the organization against future attacks.
Editor’s note: This article was originally published on November 2, 2022, and updated on September 20, 2024.