The Tool That Could Have Prevented the Lansing Community College Cyber Breach

Cybersecurity breaches are on the rise, impacting organizations of all sizes and businesses in every industry. Because we are based in Michigan, one recent case hits close to home for us: the Lansing Community College (LCC) cyber breach. Taking place in 2022 and 2023, this breach potentially compromised the personal information of more than 750,000 individuals, including students, staff, and contractors. The college sent out letters notifying those potentially affected, stating that their information may have been compromised.

Information stolen included:

  • Personal information, including names, phone numbers, and addresses
  • Social security numbers
  • Government identification numbers 

This type of data is highly sensitive. Malicious users can exploit those involved through identity theft, extortion, and other forms of cybercrime.


Time Taken to Find the Hacker and Notify Students

Lansing Community College found suspicious activity on its networks on or around March 14, 2023. It began an investigation and discovered that between December 25, 2022, and March 15, 2023, an unauthorized hacker may have had access to the school's computer system and possibly other systems. This may seem like a strikingly long time for an unknown individual to go undetected, but the truth is that without a Security Information and Event Management tool in place, this time frame is considered normal.

With the investigation spanning several weeks, the college waited for it to conclude before identifying and notifying individuals who were potentially affected by the breach. The delay in notifying affected individuals could have had serious repercussions. The longer a breach goes unreported, the more time cybercriminals have to exploit the stolen information, resulting in greater risks and losses for the users involved.

Cyber breaches are a looming threat for every organization, but there are measures that can be taken to minimize the risk and impact of such incidents. One essential tool in a robust cybersecurity strategy is a Security Information and Event Management (SIEM) system. A SIEM solution is a software tool, often monitored by a Security Operations Center (SOC), that helps organizations collect event data from their network devices and systems. The SIEM tool then combines all the data in one place so it can be analyzed and a response found before business operations are affected. So, how could a SIEM tool have helped prevent a situation like the Lansing Community College cyber breach?


Real-time Monitoring and Detection

One of the primary features of a SIEM tool is its ability to monitor and analyze security events and logs in real time. By gathering data from various network devices, applications, and endpoints, a SIEM tool can promptly detect suspicious activities and potential security breaches.

In the case of Lansing Community College, a SIEM tool would have provided continuous monitoring of the network infrastructure, allowing IT management to quickly find any unauthorized access attempts or abnormal behavior. This early detection could have allowed them to take immediate action to mitigate the breach before it escalated and compromised the personal information of nearly a million people. 
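To make the "combine all the data in one place" idea concrete, here is an added example (not from the original article or any SIEM product) of a minimal correlation rule over two log sources. The log formats, user names, IP addresses and thresholds are constructed for illustration and say nothing about how the LCC intrusion actually occurred; note that neither source alone reaches the alert threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in two hypothetical formats (not LCC data).
SSH_LOG = """\
2023-01-05T02:10:01 sshd Failed password for jdoe from 203.0.113.7
2023-01-05T02:10:09 sshd Failed password for jdoe from 203.0.113.7
2023-01-05T09:00:00 sshd Accepted password for asmith from 198.51.100.4
"""
VPN_LOG = """\
2023-01-05 02:10:20,vpn,LOGIN_FAIL,jdoe,203.0.113.7
2023-01-05 02:11:02,vpn,LOGIN_OK,jdoe,203.0.113.7
"""
SSH_RE = re.compile(r"(\S+) sshd (Failed|Accepted) password for (\S+) from (\S+)")

def normalize():
    """Parse both formats into one schema: (time, source, user, ip, ok)."""
    events = []
    for line in SSH_LOG.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, res, user, ip = m.groups()
            events.append((datetime.fromisoformat(ts), "ssh", user, ip, res == "Accepted"))
    for line in VPN_LOG.splitlines():
        ts, src, res, user, ip = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, user, ip, res == "LOGIN_OK"))
    return sorted(events)

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a success follows >= threshold failures for the same
    user and IP inside the window, counted across all sources."""
    fails = defaultdict(deque)
    alerts = []
    for ts, src, user, ip, ok in events:
        q = fails[(user, ip)]
        while q and ts - q[0][0] > window:   # drop failures outside the window
            q.popleft()
        if not ok:
            q.append((ts, src))
        elif len(q) >= threshold:
            alerts.append({"time": ts, "user": user, "ip": ip,
                           "sources": sorted({s for _, s in q} | {src})})
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in correlate(normalize()):
        print(alert)
```
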


Incident Response and Reporting

In addition to detecting security events, a SIEM tool also enables effective incident response and event analytics. When a potential breach is found, the SIEM system can trigger alerts and notifications to the security team, ensuring swift action is taken to contain and mitigate the incident.

Furthermore, a SIEM tool collects and preserves detailed logs and event analytics, making it easier for investigators to conduct a thorough forensic analysis of the breach. This analysis can help determine the root cause of the incident, identify the scope of the breach, and supply valuable insights for improving future security measures.


Compliance and Regulatory Requirements

In today's increasingly regulated environment, organizations that process financial or personal data have obligations to protect that sensitive information. A SIEM tool can help with meeting these requirements by providing automated log monitoring, security event correlation, and report generation.

By implementing a SIEM system, Lansing Community College could have had better visibility into their security posture, making it easier to find potential compliance gaps and take the necessary measures to address them proactively. This proactive approach to compliance can help prevent breaches by ensuring that all security controls align with industry best practices and regulatory standards.


Conclusion

The Lansing Community College cyber breach serves as a powerful reminder of the importance of robust cybersecurity measures and proactive defense strategies. It’s also important to note that the college received a lot of public scrutiny throughout this situation. If they had had a SIEM tool in place, it could have guided them on how to answer some of the questions and anger from the public after the breach occurred.

A SIEM system provides real-time monitoring, incident response capabilities, and assists with regulatory compliance requirements. By leveraging these features, organizations like Lansing Community College can enhance their overall cybersecurity posture and better protect the personal information of their staff, students, and stakeholders.

As cyber threats continue to evolve and grow more common, it’s not a question of if, but when, a security incident will happen at your organization. Therefore, investing in comprehensive security solutions like a SIEM tool becomes increasingly crucial to defend against potential breaches and protect your organization.

We would love the opportunity to meet with our clients and discuss the various lines of defense through our Technology Business Reviews. If you would like to talk about your organization’s cybersecurity and how we can help build a robust security strategy, contact us today. Call 616-235-6860 or visit www.kgroupcompanies.com/contact.


Sources:

  1. Scribner, M. (2023, July 11). LCC sends out letters detailing data breach as law firm investigates. WLNS 6 News. https://www.wlns.com/news/lcc-sends-out-letters-detailing-data-breach-as-law-firm-investigates/ 