In recent years, both the higher education and healthcare sectors have, on the back of increased adoption of technology, witnessed significant spikes in ransomware attacks. While increased connectivity of devices has greatly benefited these sectors — both of which deal with the population’s data — it also widens networks beyond traditional security perimeters, raising the potential of breaches and incidents.

According to the Cyber Security Agency of Singapore (CSA) in its Singapore Cyber Landscape (SCL) 2021 report published last August, threats like ransomware are escalating.

The CSA says 137 ransomware cases were reported in the republic in 2021, a 54% increase from 89 in 2020. The agency notes that this has been driven by the proliferation of Ransomware-as-a-Service (RaaS), which has made it easier to distribute ransomware payloads.

To its credit, the CSA is driving collaborations with the healthcare and education sectors to safeguard their cyber systems. This can be furthered with a scalable cloud-­delivered security that protects data accessed by any device from any location in any on-premises or cloud application.

Due to the nature of data held by these institutions, there could be serious — and even life-threatening consequences — should steps not be taken to anticipate these risks.

Cyber criminals inside and out understand that universities and healthcare organisations handle, process and store large volumes of personally identifiable information (PII), intellectual property (IP) and protected health information (PHI). To ensure that these are protected against intrusion, compromise, disruption and data exfiltration, the way cybersecurity is implemented needs to be re-evaluated.

Growing attacks, loss of visibility

University and healthcare systems no longer have the luxury of managing bounded network infrastructures where applications, data and devices all reside within a well-defined perimeter.

The rise in telehealth, cloud computing, electronic health records, Internet of Things (IoT) devices and wearables has created new risks and data protection requirements.

Data now resides in countless apps, both on-premises and in the cloud. And with staff on the networks working from anywhere, and end users requesting access at any time from everywhere, unmanaged devices and networks are being used to handle PHI, PII and IP. This has simultaneously opened new entry points for attacks and severely hindered the effectiveness of perimeter-based security, taking away the visibility and controls these healthcare networks used to have.

Inadequate security tools

To fulfil new data protection requirements, educational institutions and healthcare providers need cybersecurity that works no matter where data goes — especially as people work from anywhere using unmanaged devices and networks.

Legacy security solutions are tied to perimeters where data and users no longer reside exclusively, so they offer limited visibility into and control over cloud-centric activities.

Some organisations have begun implementing cloud-delivered security, but these solutions are often deployed in isolation. Siloed solutions lead to security gaps and operational inefficiencies as administrators must switch between various consoles to coordinate information and analyse results.

A unified approach to data protection

To effectively secure sensitive and regulated data, educational and healthcare institutions need to move beyond perimeter-based tools.

Having a unified security platform eliminates the need for a patchwork of technologies by converging the capabilities that used to reside on premises in the cloud. It provides end-to-end data protection and visibility — from the users’ behaviour and the endpoint they use, to the data they seek to access.

These institutions can then get comprehensive and consistent insight and control across their entire system within a single pane of glass — reducing the risk and impact of ransomware and other cyber threats, and protecting PHI, PII and IP.

However, deploying cloud-delivered security is only one part of this equation.

The other aspect is integration. Far too often, educational institutions and healthcare providers opt to deploy these tools and products in isolation. However, without these technologies working with each other, security gaps will persist as gaining any semblance of visibility requires constant switching between consoles.

Integration is key to a unified approach, and that can really only be achieved by next-generation security solutions that effectively help prevent and mitigate cyber risks, even as they evolve and become more sophisticated.

This is what will ensure that educational institutions and healthcare providers are cyber secure and resilient — even as the network perimeter disappears and the number of applications rapidly increase across countless applications.

Don Tan is the senior director of Asia-Pacific at Lookout, a cybersecurity company that uses predictive machine intelligence to analyse data to predict and stop mobile attacks to individuals or enterprises