Recent research suggests that cyberattacks in higher education are on the rise while libraries' competency in addressing cybersecurity is mixed. Join our panel of one publisher, one vendor, and one librarian as we discuss practical strategies and best practices for libraries to better protect themselves from increasing threats of cybercrime.
ER&L 2023 - Invisible Threat, Cybercrime and the Library.pptx
1. Tuesday, March 7, 2023 2:45 PM CST
Invisible Threat:
Cybercrime and the Library
David W. Green
Library Systems Analyst, State Library of Ohio
Don Hamparian
Senior Product Manager, OCLC
Matthew Ragucci
Associate Director of Product Marketing, Wiley
Stacey Best-Ruel
Director of Marketing, Springer Nature
https://unsplash.com/photos/MQlVnTc4OBg
4. Wiley Green External 2021-10.potx
Cybercrime
Bresnick, Peggy. “4 Reasons Cyber Criminals Are Targeting Higher Education.” Fierce Education. March 8, 2021. https://www.fierceeducation.com/best-practices/4-reasons-cyber-criminals-are-targeting-higher-education-part-1
D’Agostino, Susan. “Ransomware Attacks Against Higher Education.” Inside Higher Ed. July 22, 2022. https://www.insidehighered.com/news/2022/07/22/ransomware-attacks-against-higher-ed-increase
U.S. Department of Health and Human Services Office for Civil Rights. “Cases Currently Under Investigation.” Continuous update. Accessed on February 21, 2023.
Known Higher Ed and Library Cyber Attacks
Why hackers target colleges and universities?
Population: Higher Education has a huge base of users, more opportunity for phishing emails
Data: Higher Ed institutions hold a huge amount of data on both current and past students, faculty, and vendors. Getting in equals a gold mine.
Espionage: Research conducted at Higher Ed Institutions is immensely valuable, especially medical and engineering research.
Easy targets: Crippling a college or university with potentially thousands of users pressures the institutions into fast, expensive solutions. It’s estimated that 75% of Higher Ed cyber attacks succeed.
* Paid $1.14 million
6. Why library cybersecurity matters
Remote access to services
Library technical infrastructure
Information and digital literacy
Privacy
7. Libraries as security advocates
Libraries have the Relationships to Protect:
✔ Patron privacy
✔ Institution assets and reputation
✔ Publisher assets
9. Mitigate these risks and protect patrons
Password policies & multifactor
Systems management & IT relationship
EZproxy & Server Configuration
IT and vendor policies
Security education
10. Attack vectors – EZproxy and other e-content access services
EZproxy is popular, making it an attack target; hosting provides additional protections
Password guessing and stealing happen around malicious usage of valid accounts via smishing/phishing
Configuration attacks - Review Configuration, Logs, Intrusion Alerts, Security Rules
Denial of service – Having a hardened network layer provides additional protections
11. Four EZproxy Configuration Tips
Intrusion API: Log or deny logins from potentially malicious IP addresses
Security Rules: Real-time detection and notification of security events
Pseudonymous Identifier: Reduce IP blocks by publishers; find compromised user credentials
Login Intrusion Detection (User and IP): Log and enforce intrusion detection and apply evasion periods
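An added example, not part of the original slides and not EZproxy's own code: a sketch of login intrusion detection keyed on both user and IP, where a run of failures starts an evasion period during which even a correct password is refused. The class and function names, the limits and the event list are hypothetical and constructed for illustration.

```python
from collections import defaultdict, deque

class Guard:
    """Counts recent failures per key and starts an evasion period at a limit."""
    def __init__(self, limit, interval, evasion):
        self.limit, self.interval, self.evasion = limit, interval, evasion
        self.failures = defaultdict(deque)  # key -> times of recent failures
        self.blocked_until = {}             # key -> end of evasion period

    def blocked(self, key, now):
        return self.blocked_until.get(key, 0) > now

    def fail(self, key, now):
        q = self.failures[key]
        q.append(now)
        while q[0] <= now - self.interval:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.limit:
            self.blocked_until[key] = now + self.evasion
            q.clear()
            return True
        return False

# Constructed events: (seconds, source IP, username, password correct?)
EVENTS = [
    (0, "203.0.113.5", "jdoe", False),
    (10, "203.0.113.5", "jdoe", False),
    (20, "203.0.113.5", "jdoe", False),    # third failure for this user
    (30, "198.51.100.7", "jdoe", True),    # real owner, correct password
    (40, "203.0.113.5", "asmith", False),
    (50, "203.0.113.5", "blee", False),    # fifth failure from this IP
    (60, "203.0.113.5", "cwong", True),
    (1000, "198.51.100.7", "jdoe", True),  # after the evasion period ends
]

def decide(events, by_user, by_ip):
    out = []
    for now, ip, user, ok in events:
        if by_user.blocked(user, now) or by_ip.blocked(ip, now):
            out.append("denied-evasion")   # rejected even if the password is right
        elif ok:
            out.append("allowed")
        else:
            tripped = [by_user.fail(user, now), by_ip.fail(ip, now)]
            out.append("failed-blocked" if any(tripped) else "failed")
    return out

def demo():
    # Hypothetical limits: 3 per user, 5 per IP, within 300 s; 900 s evasion
    return decide(EVENTS, Guard(3, 300, 900), Guard(5, 300, 900))
```

The fourth event shows the operational cost of a user-keyed evasion period: the legitimate account holder is locked out until it expires, which is why both the log-only and the enforce modes are worth reviewing.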
12. Pseudonymous Identifier Feedback Loop
● Publisher detects unauthorized user with ID
● Publisher contacts library and shares ID
● Library uses ID to identify compromised credentials
● Library implements security protocols
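An added example, not part of the original slides: the feedback loop above with both sides modelled, so the publisher only ever handles the identifier and the library alone can map it back to an account. It assumes the identifier is a keyed hash of the username under a library-held secret, which is a hypothetical derivation and not a description of how EZproxy computes it; all names and records are constructed.

```python
import hashlib
import hmac

LIBRARY_SECRET = b"constructed-demo-secret"  # assumption: held only by the library

def pseudonymous_id(username):
    """Hypothetical derivation: truncated HMAC-SHA256 of the username."""
    mac = hmac.new(LIBRARY_SECRET, username.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

# Constructed library-side records: (username, source IP, downloads)
SESSIONS = [
    ("jdoe", "192.0.2.10", 4),
    ("asmith", "192.0.2.44", 6),
    ("asmith", "203.0.113.5", 480),
    ("asmith", "198.51.100.7", 515),
    ("blee", "192.0.2.61", 9),
]

def publisher_view(sessions):
    """What the publisher receives: identifier and count, never the username."""
    return [(pseudonymous_id(user), n) for user, _ip, n in sessions]

def publisher_flag(view, limit):
    """Publisher side: total downloads per identifier, report those over limit."""
    totals = {}
    for pid, n in view:
        totals[pid] = totals.get(pid, 0) + n
    return [pid for pid, total in totals.items() if total > limit]

def library_resolve(reported_id, sessions):
    """Library side: recompute identifiers to find the account and its IPs."""
    ips = {}
    for user, ip, _n in sessions:
        ips.setdefault(user, set()).add(ip)
    for user, addrs in ips.items():
        if hmac.compare_digest(pseudonymous_id(user), reported_id):
            return user, sorted(addrs)
    return None  # identifier does not belong to this library's users

def feedback_loop(limit=500):
    reported = publisher_flag(publisher_view(SESSIONS), limit)
    return [library_resolve(pid, SESSIONS) for pid in reported]
```

Because the report names one identifier rather than the proxy's IP address, the library can reset a single account instead of every patron losing access to an IP block.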
14. Shared Responsibility
Collaboration is Key
• Not an IT problem
• Attacks not unique to IT
• …or to Fortune 500 companies
• We’re vulnerable
Worst thing to do is do nothing
15. Engagement
Connections
• Seek conference and workshop opportunities
• EDUCAUSE
• SNSI Upcoming Events
What we’re doing
• OPLIN, SEO, OhioLINK
• Online webinars
• Cybersecurity Conference
16. Awareness
Campaign for Information Security
• Consider patrons, faculty, yourself
• Connect with IT for potential collaboration
What we’re doing
• Open Office Hours
• Cybersecurity Awareness Month
• Weekly Cyber Security Briefs
• CISA
17. Mature Security Practices
Authentication
• Modern authentication
• SAML / OpenID Connect
What we’re doing
• EZproxy
• OHID (State of Ohio’s SSO)
• Moving away from barcodes (TODO)
18. Mature Security Practices
Passwords
• Password managers
• Complex
• Unique
What we’re doing
• No more Post-It Notes!
• Password Manager for all staff
• Multi-Factor Authentication app
23. Content Protection & Privacy
Security is a multi-stakeholder concern
• Striking a balance
• We can have both privacy and protection
Abuse monitoring systems
• Robust and effective
• Protects content and institutions
Obligations to protect user & institutional data
Regulation compliance
https://unsplash.com/photos/YccQtENMuXw
24. Institutional Scenarios
Compromised credentials
Disruptive IP blocks
False/inflated usage data in COUNTER reports
Ransomware attacks
Going offline and diminished usage
https://unsplash.com/photos/icrhAD-qidc
25. Potential Solutions
Protect user privacy and against disruption:
✔ EZproxy Pseudonymous Identifier
SAML-based authentication:
✔ Federations
✔ Shibboleth
✔ OpenAthens
Cross-industry, friction reduction initiatives:
✔ GetFTR
✔ Seamless Access
✔ Content Syndication
https://unsplash.com/photos/TQ3JV9ECgLM
26. About the Scholarly Networks Security Initiative
▪ The Scholarly Networks Security Initiative (SNSI) brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.
▪ Members include large and small publishers, learned societies and university presses, libraries and others involved in scholarly communications.
ACADEMIC
IT SECURITY
LIBRARY
RESEARCH
PUBLISHING
27. SNSI tips for academic librarians on building strong information security defenses at your institution