IT security departments are hard at work repelling cyber-attacks like the one that hit Europe last week
Data is fast becoming one of the most valuable assets any business can have, and as such, hacking into an organisation and stealing that data is increasingly common. Universities are huge targets for hackers because of the vast amount of personal information in their possession. Their status as leading research institutions and the intellectual property they contain also make them a prime target.
Because of the threat, in 2000 the Federal Trade Commission introduced a “safeguard” rule which directs and provides financial assistance to institutions like universities so that they can create a written information security program (“WISP”).
However, academic environments typically promote a free flow of information, and universities operate in a culture of communication among staff, students and research groups. In such an environment it can be difficult for IT groups to establish a completely secure WISP and maintain the same user experience, leading hackers to believe that such systems are generally easier targets.
Most universities suffer day-to-day security threats of malware, phishing, information leakage and infrastructure attacks. The University of Wisconsin reported having around 90,000 attempts to penetrate its system per day. Since 2005 there have been more than “700 reported incidents of security breach”, according to a paper published by University Business. And numbers are only growing as hackers get more skilled and universities continue to be a target.
While cyber security is not a new issue, it can sometimes take events like the hack that spread across Europe last weekend to remind us just how important it is to make sure we are safe and our details are secure online.
Australia avoided most of the effects of the ransomware attack, which crippled vital operations around the world, including England’s NHS system and Germany’s federal railway system. The virus spread like wildfire through the UK, US, China, Russia and Italy. Up to 74 countries were affected, and although Australia came out fairly unscathed, no country is immune to this kind of large-scale cyber-attack.
Professor Yang Xiang, Director of Deakin University Center for Cyber Security Research, says that the attack is a “timely reminder that we need to be constantly alert and thinking about how we can protect important sectors that rely on personal data, like hospitals – sectors where compromised security and a lack of access to data can literally put lives at risk.”
Ironically, the Europe hack came just before Privacy Awareness Week (15th-19th of May), an annual initiative of the Asia Pacific Privacy Authorities forum.
A survey released for Privacy Awareness Week studied Australian community attitudes to privacy. It found that 69% of Australians feel more concerned about their online privacy than they did five years ago, but a vast number neglect to use the online privacy tools already available to them.
The Australian Information and Privacy Commissioner, Timothy Pilgrim, stated in a media release that: “It’s encouraging to see that Australians are alert to privacy risks. But we need to convert awareness into action, and use the options already available to us to protect our personal information.”
For individuals seeking to protect their private information, the best advice is to regularly update your software, as RMIT associate professor Mark Gregory explains:
“It’s about updating systems to the latest revisions, patching those operating systems and doing the updates overnight. Doing backups on a daily basis. Most of the operating systems have got three or more tools built into them to allow for people to do backups, and of course ensuring that there’s anti-virus, anti-malware, anti-ransomware. But of course, the problem is that people need to pay for that and a lot of people are not.”
Universities can have hundreds of desktops, and it is the job and responsibility of their respective IT security departments to keep those computers up to date and secure from malicious threats. Last year the University of Calgary in Canada was hit by a ransomware attack that crippled Windows machines on the campus. As in the Europe hack, the ransomware demanded payment in bitcoins so as to make it difficult for authorities to track. The university ended up paying around AU$15,000 to restore its data.
While experts warn that payment would encourage further blackmail, the university proved to be a lucrative target.
Last year, security firm SentinelOne revealed that 44 universities in the UK were hit by ransomware attacks.
As attacks on universities become more common, IT security personnel must be on guard to protect the files of teachers and students. This is the job of Deakin University’s IT security manager, Darren McKemmish.
According to Mr McKemmish, successful defence against encryption attacks like the one that spread across Europe means patching your desktops. The only reason Deakin didn’t fall victim to the hack was the IT security team.
“Every desktop gets patched within a couple of weeks of Microsoft releasing patches,” he said.
However, this is not to say that Deakin is without attacks. Mr McKemmish told me that he gets at least two or three ransomware attacks each month and explained the process of dealing with them.
“We have a process in place for dealing with it, users recover the data from backup. We back up all our data and we also have snapshots of our file stores so we can generally go back. You might lose an hour’s work but that’s it.”
Another Melbourne university, RMIT, said it had taken action as soon as it heard about the European ransomware attack. It said: “IT Services were alerted to the potential attack on Friday evening and immediately took preventive action. Over the weekend, ITS patched all servers which might be vulnerable and configured firewall and anti-virus software to block any traffic related to this threat.”
But to protect your own files you must patch your computers. Mr McKemmish is a firm believer that education in how to patch computers and what to look out for is one of the best weapons we have against cyber crime. For full details listen to the interview with Mr McKemmish below.
https://api.soundcloud.com/tracks/324042031