NSCAD University is a principal center for education and research in the visual culture in North America. The small IT department supports over 1,000 students and 250 administrators and faculty. Cybersecurity risk is managed across two functional teams that serve administrative and education/research functions. They employ several layers of perimeter and endpoint security, manage assets and updates, and do regular formal pen testing.
Typical of many smaller universities and colleges, the demands on the IT team are often just as complex as those at bigger institutions. The difference is that the resources to implement solutions and hire specialists to manage them aren’t as large. Moreover, solutions that work in industry don’t always fit in an educational environment; where a school runs an operational network and acts like an ISP with no control over what devices are on it.
While they have been successful in mitigating any serious cyber threats to date, they did have three successful desktop ransomware incidents in the last year. All three were recovered from backup but recovery still took time and resources and the team recognized the global trend of increasing threats. Notably, 80% of the computers at NSCAD are Apple and all three incidents impacted Apple devices. This helps dispel the common myth that only Windows systems are at risk.
Recognizing the increasing threats occurring globally, they were looking to add additional security that was simple to manage and effective in preventing an infiltration. The CIRA DNS Firewall provides additional malware and phishing blocking using threat feeds that their firewall and endpoint security do not have. Turning it on was as easy as forwarding the recursive queries to CIRA DNS Firewall and it didn’t require training for the team.
They see additional incremental blocks to malware infected sites and most importantly, easily add new domains to the block list that are part of spear phishing campaigns rather than IP blocking on the traditional firewall – something that was more complex to manage and introduced overhead. Moreover, IP blocking isn’t sufficient to stop malware that used dynamic DNS for propagation. CIRA DNS Firewall is proving effective in reducing the risk from phishing, malware and botnets.