How NVIT turned a cyberattack into an opportunity
years of academic excellence
faculty and staff
Following a security incident that wiped out their system, Nicola Valley Institute of Technology (NVIT) worked with Compugen to fortify their environment from future attacks. Little did they know that in the process of modernizing their infrastructure, they were also preparing for much bigger changes to come. Their upgrades meant they could weather the rapid move to remote education with collaboration tools that enabled a highly effective, virtual classroom experience for professors and students.
About Nicola Valley Institute of Technology
NVIT is British Columbia's only Indigenous public post-secondary institute, with campuses in Vancouver and Merritt. Founded in 1983, NVIT was designated as a Provincial Institute under the British Columbia College and Institute Act in 1995. NVIT has approximately 1,400 students studying in the fields of wellness, technology, governance, and land and economic development.
It started with a single mouse click.
When someone in the NVIT environment opened what they believed was an innocuous email file attachment, they had no idea they had just opened the gates to a ransomware attack that would bring the entire organization to a near standstill.
In December 2019, Associate Vice President of Finance and Administration Ernie Gran was two weeks into his new position when he learned something was wrong.
“At first we thought it was just a glitch in the system, but by the middle of the workday our system was totally wiped out,” Gran said.
The attack cut access to the network, which affected nearly every aspect of NVIT’s operations. Within half a day, approximately 1,400 students and 110 staff and faculty on both campuses were directly affected. Communication was immediately and severely impacted – email, Wi-Fi and phones went offline. While school leadership used social networking messaging apps to communicate with students in the immediate aftermath, class instruction had relied heavily on the network for media presentations and communication between instructors and students – which meant classes came a halt. All files, data, SharePoint systems and servers were locked. Worse yet, Nicola Valley did not have an Incident Response Plan (IRP) in place.
Compugen was already engaged with NVIT as a technology and software vendor,. so the institute reached out to Compugen to help remediate the attack and restore systems to ensure the January semester could start on time, safely and securely. With end-of-term exams underway, a quick resolution was imperative.
One of the first things the Compugen team had to do was determine how the breach happened, what was affected and how to ensure the breach was contained. Any action to remediate while the bad actor was still inside the system would end up doing more harm than good.
The urgent call rallied the Compugen Cybersecurity Experts and Technical Services leadership for immediate collaboration with the NVIT IT Team. Compugen knew that the immediate priority was to provide guidance for containment, investigation and systems recovery. The joint teams focused on wiping personal computers and servers on both campuses and formed a plan to rebuild them safely. With future-proofing the system in mind, the teams ensured that they had the most up-to-date operating system and security patches, as well as updated anti-virus apps on every device.
Compugen’s Karol King, Senior Project Manager became the de-facto team captain to manage all external stakeholders. The Compugen and NVIT teams moved some access management systems to the cloud where it made more operational and financial sense. To ensure the NVIT team was well prepared for future operations and questions, Compugen advised and trained the NVIT on system management processes, and created comprehensive documentation for everything they did both digitally and on paper.
While this was underway, both teams also prioritized plans for the restoration of communication systems. Compugen recommended a cloud-based solution to allow quick restoration and provide immediate voice functionality that would form the foundation for their long-term solution. Prior to the incident, NVIT used Microsoft Skype for Business. NVIT was planning a project to migrate to Microsoft’s M365 later that summer, however, the cyberattack expedited the transition to M365, a product that includes Teams Collaboration. The recommended approach would immediately enable internal voice communication through Teams. For external voice communications, Direct Routing with existing hardware (120 Polycom devices) was deemed suitable and would provide the perfect solution in the short term.
After updating software across all devices, Compugen transitioned NVIT to Microsoft Teams, restoring internal voice calling within weeks of the attack. With internal voice communication systems operational on a new, cloud-based platform and new security measures in place, the team turned their attention to leveraging Teams for classroom support and recovering email communications. Compugen’s main objective was to modernize communication and collaboration for both students and teachers. The first task was to make sure faculty had access to email, and then look for ways to enhance the in-class experience.
The remaining foundational issue was modernizing and enhancing security. Key to this was re-engaging NVIT’s planned project to replace the Wi-Fi and firewall components. Compugen advised on the new firewall and configured the rebuilt collaboration systems to align to the new firewall. Compugen’s team then replaced outdated access points, routers and core switches to fortify the system.
In the end, the incident had fortuitous results. What NVIT didn’t know at the time was that they would be able to lean so heavily on the new infrastructure as the educational landscape took a quick turn.
As a result of a comprehensive rebuild effort, the infrastructure has protected the environment to the point where there have been zero successful cyberattacks in the 18 months since the ransomware attack.
“Now we are more sensitive and knowledgeable on what to be aware of, and how to prevent an attack,” Gran said. “For example, in addition to our group firewall, we implemented secure personal firewall software on each computer as well as the network.”
One of the best things that can come out of a crisis is the opportunity to do things differently.
The NVIT team took full advantage of their outage and implemented systems that provide broader capabilities such as simplified communications and meetings experiences, enhanced accessibility for a more inclusive learning experience, and improved student and faculty collaboration. NVIT also upgraded the major elements of their network including firewall, Wi-Fi and switch infrastructure. It is a more unified, manageable solution, with improved overall security from future risks.
Microsoft Teams allowed NVIT to develop and launch an online learning platform to provide engaging and accessible content to their students. NVIT was well positioned for a rapid move to distance learning when lockdowns began just a few months later. This gave students a learning edge, as they already had strong collaboration tools in place and were using them effectively before they became absolutely necessary. Most importantly, implementing Teams also enabled the student population to return and begin the January 2020 semester on schedule.
“To be honest, this cyberattack turned out to be a blessing in disguise because if it hadn't happened, I don't think we would have been ready for how 2020 was going to unfold,” Gran said. “It completely changed the way we do business.”
Upgrading to M365 as a response to the cyberattack provided a more collaborative, accessible experience for faculty and students, while significantly improving security. Since Teams is included in their Microsoft Education licence package, it provided a strong ROI and made NVIT’s decision even easier.
The institute was able to modernize its infrastructure with strategic technology investments and harden its technical defenses. As a result, NVIT hasn’t encountered any security incidents since. The attack also emphasized the importance of proactive IR planning to guide the institute’s Executive and Technical teams in times of crisis. In the end, the success of this solution had as much to do with developing a relationship based on trust as it did with technology.
“One of the most important things I have ever done was to engage Compugen who right away became part of our extended family,” Gran says. “Compugen is not just a third-party contractor for us, but someone who shows they really cared for the NVIT institution.”