As IT specialists work to restore the Maricopa Community Colleges network in the aftermath of a March 16 cyberattack that delayed the start of classes, college officials announced Thursday that antivirus software will be made available to students, faculty, and staff.
“We are pleased to announce that our information technology and recovery teams continue to make great strides in their efforts to safely restore Maricopa Community Colleges’ systems,” according to a statement posted by interim Chancellor Steven Gonzales on the Maricopa County Community College District (MCCCD) website.
The statement also noted MCCCD -which operates 10 regionally-accredited colleges serving Maricopa County- has purchased Sophos antivirus software “as part of our efforts to build a more resilient network” and that all current faculty and staff may use Sophos Home Commercial Edition on up to ten personally-owned devices for free.
The cyberattack came as Maricopa Community Colleges’ nearly 200,000 students and 10,000 faculty and staff were preparing to return to class. The hack pushed back the start of classes until the end of the month while the network is secured.
“Please keep in mind, you may not immediately have access to all applications, and you may temporarily experience degraded performance as we complete this process,” Gonzales wrote. “We expect to bring additional systems and applications online in the coming days and are still on track for classes to resume on Monday, March 29.”
The hack of the MCCCD’s massive network came just two weeks after the City of Kingman in Mohave County reported a “criminal cyberattack” had crippled its website and took down the employee email system. The Arizona National Guard’s Cyber Joint Task Force (CJTF) was called in for IT support, and much of the city’s network was back online by Thursday.
A city issued notice earlier this week stated the city never lost control of its network. In the meantime, officials are working with cybersecurity experts to determine what occurred and how.
“At this time, we are still working to discover the extent of the event and trying to discover if any information has been damaged,” the notice said. “The City of Kingman is insured against this type of cyberattack and we are working closely with different agencies and the insurance provider to conduct the forensic investigation.”
Both the Kingman and MCCCD cyberattacks have been reported to the Federal Bureau of Investigation. The FBI was also notified last fall when someone gained access to a Maricopa County website used by its elections department, but did not get into any databases.
The recent attacks have prompted an uptick of calls to IT and computer support specialists, including Tucson-based Zinatt Technologies, Inc.
According to Zinatt founder and CEO Gabriel Reina, who is also the Chief Information Security officer (CISO), companies big and small need to understand that hackers and cyberterrorists are always adapting and trying new ways to break into systems, whether it’s for the thrill of the effort or for nefarious, even criminal purposes.
“The hackers only need to be right one time to cause significant damage; however, those charged with protecting against the cyberattacks have to be right every time,” Reina told Arizona Daily Independent. “Unfortunately, an organization is only as strong as its weakest link, which is frequently a dedicated employee who clicks on a link in what they believe is a legitimate email.”
Reina explained there are hardware and software tools available to protect and cleanse an infected network, including firewalls, spam filters, anti-virus, and anti-malware systems. But the best defense, he said, is a layered one, as layers of protection avoid a single point of failure that allows a hacker to gain access to a system.
“Additionally, the architecture of an organization’s network can play a part – using hardwired connections when possible, limiting access to an organization’s Wi-Fi, and providing a guest Wi-Fi that does not have access to internal systems,” Reina said, adding that use of an intrusion detection system is also important in learning “what normal looks like so staff can be alerted when activity raises suspicion even if an attacker is attempting to tread lightly to avoid detection.”