Hackers have become more advanced during Carl Powell’s decades of information technology and higher education experience.
“The hackers used to be experimental idiots,” said Powell, the chief information officer atEastern Michigan University. “Nowadays, they are very skilled and knowledgeable. They take their time.”
Powell and other university cybersecurity experts said they are bombarded daily with attempts to hack into their systems to gain access to sensitive information, such as Social Security numbers and medical records.
“There might be higher concentrations at certain times, like long weekends and holidays when things are going to step up,” said Edward Tracy, associate vice president of technology services for the University of Detroit Mercy. “They know your human resources aren’t watching 24-7 but, thankfully, the technology is there.”
That’s a common theme among chief information officers and other college and university cybersecurity experts, who say that trying to thwart hackers is nothing new to them but that it has received more attention recently because of high-profile, large-scale breaches at companies such as Target Corp. and Home Depot Inc.
“It’s a con game that’s been going on for decades,” Powell said.
Experts say colleges and universities are prime targets for attacks because of the vast amount of personal information they keep about students, faculty and employees.
“There are attempts made every day,” said Joseph Sawasky, CIO and associate vice president of computing and information technology at Wayne State University. “On a weekly basis, we are probed millions of times from places in China, primarily. Ninety percent of the probes are turned away at the outset.”
But not all.
Powell said that in 2010, “a guy who hated Microsoft” gained access to an EMU student’s email account so he could “send hate mail to Microsoft on his behalf.”
The Privacy Rights Clearinghouse Chronology of Data Breaches says 727 breaches of education occurred at institutions between 2005 and 2014, making public more than 14 million records. Those breaches were in higher education as well as trade schools, K-12 schools and school districts, and nonprofit organizations in the education sector.
The Privacy Rights Clearinghouse reported that 17 known hacking breaches have occurred in Michigan since 2005, involving Michigan State University, Jackson Community College,Genesee Intermediate School District, University of Michigan, Calhoun Area Career Centerin Battle Creek, EMU, Western Michigan University and Ferris State University.
The Educause Center for Analysis and Research — a nonprofit IT organization with offices in Washington, D.C.; Louisville, Ky.; and Colorado — reports that although the education sector has the second-highest number of reported security breaches, fewer records were exposed during those breaches, representing just over 1 percent of the total records exposed between 2005 and last year.
Donald Welch, chief information security officer for UM, said successful hacks have occurred at the university but he declined to elaborate.
“Every institution fights off attacks all the time, and some of them are successful, but there hasn’t been a huge one like at the University of Maryland,” Welch said.
Last year, the university, in College Park, reported that a database with nearly 280,000 faculty, staff and student records was breached. Those records included names, Social Security numbers, birthdays and university identification numbers of students who attended Maryland between 1992 and 1998 and all faculty, students and staff who had a university ID between 1998 and Feb. 18, 2014. In response to the breach, the university offered free ID protection software for five years, investigated its information and computing systems and formed a task force on cybersecurity, and held seminars on data security. The cause of the breach remains under investigation.
It’s not hacking attempts from students looking to change their grades, for example, that keep college and university cybersecurity experts awake at night. Instead, it’s highly sophisticated organizations and governments outside the United States, Welch said.
“The threats are very real. They range from small operators who may not have much malicious intent, all the way up to organized crime, to national organizations, NGOs (nongovernmental organizations) that want to do our society harm and everything in between.”
Russia. China. North Korea — all are serious causes of concern.
And they are becoming increasingly sophisticated, said UDM’s Tracy, citing a phishing incident involving the university’s president, Antoine Garibaldi, and its controller, James Priskey.
“There was an email that appeared to come from our president to our controller asking him to provide information on how to wire money to a location,” Tracy said. “Our president would never ask for that. He would say, ‘You wire the money to that location.’ Our controller laughed. It was creative because they got the real name of the president and the real name of the controller.’ ”
In their efforts to combat attacks, colleges and universities in Michigan employ a range of strategies, ranging from antivirus software to firewalls to a tactic akin to vaccination and just about everything in between.
“We conduct a periodic penetration test where we hire firms that probe your system and let you know where your vulnerability is,” Sawasky said. “It’s kind of a health check, a full annual physical.”
Barbara Ciaramitaro, a professor of information technology and director of the Center for Cybersecurity Leadership at Walsh College in Troy, said colleges and universities are particularly at risk for hacking because of their culture of openness.
“We don’t do background checks on our students. We don’t control the people who are using the technology,” Ciaramitaro said. “We cannot put the same levels of controls on, so it becomes a tremendous challenge to be able to protect the data.”
She said that the number of attacks will continue to increase and that they will become far more sophisticated, ranging from hackers not merely stealing data but altering it, for example.
“Dick Cheney had to wear a lead vest because pacemakers are connected to the Internet and can be hacked,” she said, referring to the former vice president. “Will it be possible to take control of your insulin pump? Your car?”
And there won’t be a day again when institutions of higher education no longer have to worry about cyber threats, Ciaramitaro said.
View the original content and more from this author here: http://ift.tt/1FEZgF6
from hacker samurai http://ift.tt/1GGz4Ml
via
IFTTT
