IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Cybersecurity Audit Shows Positive Changes for NC College

Following a ransomware attack last July, Richmond Community College IT officials have put new resources and outside expertise toward security improvements. Those efforts are paying off, auditors say.

Cybersecurity_shutterstock_1607065009
Shutterstock
(TNS) — An audit of Richmond Community College’s IT systems produced positive results in the wake of a cyberattack last July that temporarily took out all of the college’s network capabilities.

The cyberattack that hit RCC, according to a report presented to the North Carolina Community College System (NCCCS) last October, was part of a nationwide ransomware attack on higher education institutions.

In a discussion last year about the incident, NCCCS senior Vice President and Chief Information Officer Jim Parker described ransomware as a virus that stealthily collects user data and private information from a network, and attempts to convince users that they need to send money somewhere. Ransomware is capable of encrypting and locking a system before demanding money from users to restore access — hence its name.

RCC was the only NCCCS school targeted in the attacks. The attack affected 1,200 desktop computers at RCC. No money was sent by RCC to any malevolent sources because of the attack, but staff members had to spend several weeks repairing the network.

Since then, RCC contracted SHI International, a company that provides technology products and services, to conduct a secure posture review which identified vulnerabilities in the network.

SHI used automated and manual tests to identify weaknesses in RCC’s public facing IP hosts and applications, Amazon Web Service cloud and internal network.

In its executive summary of the audit, SHI reported that it was not able to obtain unauthorized access to RCC’s key systems and files, a sign of a successful audit.

“While the majority of Richmond Community College’s overall internal and external attack surface is hosted on premises, with some hosts being managed in the AWS cloud, it is well protected…,” the summary reads in part.

Taking into consideration the vulnerabilities they found — including possible service exploits, potential remote code execution and obsolete software versions — SHI rated RCC’s overall external IT security as “good.”

“We will continue to hire and work with companies like this to continue to make sure that we have a safe and reliable network,” RCC Executive Vice President and CFO Brent Barbee said during a meeting of the college’s Board of Trustees on Tuesday.

“We’ll probably use a different company next time just to make sure we’re doing our due diligence,” he added, “and making sure different means and methods are being used.”

In other business, the Trustees learned that the projected completion date of the Kenneth and Claudia Robinette Building in downtown Rockingham is now Sept. 10. The new building, which will house Leon Levine School of Business and Information Technology, will not be completed in time to host classes this fall.

Administrators had originally anticipated that the building would be finished before the start of the semester, but several delays — including one caused by a temporary work stoppage after a construction worker tested positive for COVID-19 — made that less realistic. All classes scheduled to take place inside the Robinette Building this fall have been shifted to other venues outlined in a contingency plan RCC President Dale McInnis detailed over the summer.

“There’s a lot of work to be done,” McInnis told the Trustees. “We’re interested in having a high-quality building that we can use for many years. And we look forward to it being completed.”

©2020 the Richmond County Daily Journal, Distributed by Tribune Content Agency, LLC.