A cyberattack in Nov. 2020 paralyzed several of Binghamton University’s online services, including the BU Library Interlibrary Loan (ILL) service and its printing services, No campus data was taken by the hackers.
However, following the breach, the University formed its Information Technology Task Force (ITTF), a security committee made up of BU officials which aims to improve the cybersecurity on campus. The ITTF investigated the situation and sought out methods to improve the campus’ IT infrastructure.
One of those new measures will be that school systems currently using the Central Authentication Service (CAS) for logging in, which includes students’ BU login, will switch over to two-factor authentication (2FA) protocol in mid-February. This will require users to complete an additional factor in order to log into their accounts using a time-based one-time passcode. Currently, the University uses 2FA for users logging onto the campus’ virtual private network. However, the task force approved the usage of a 2FA protocol for all users who opt for it regardless of whether they are on the VPN. Later in the semester, the University plans to require all users, including students, to set up a 2FA for campus accounts.
Immediately following the Nov. 7 cyberattack, faculty and staff were asked to install Carbon Black onto their University-owned computers, an endpoint detection and response (EDR) security tool that provides insight of any malicious activity within the campus network. According to Niyazi Bodur, BU associate vice president and chief information officer, the University did not have any malicious activity over the past few months. However, with the expiration of the Carbon Black contract upcoming and uncertainty over which EDR will be used after, Bodur viewed the 2FA as an essential security measure, especially as cyberattacks are becoming more prevalent in today’s society.