Recent IT security breaches at Canadian universities has prompted U of T to take a closer look at its current cybersecurity infrastructure and introduce new security measures.
Last June, the University of Calgary paid hackers $20,000 after a ransomware attack targeted their computer systems. The hackers encrypted the university’s staff and faculty email servers, which prevented any access and provided decryption keys once the ransom was paid.
“This attack is part of a disturbing global trend of highly sophisticated and malicious malware attacks against organizations including NASA, law enforcement agencies and large health-care institutions,” a press release from the University of Calgary stated. “Ransomware attacks and the payment of ransoms are becoming increasingly common around the world.”
More recently, Carleton University announced on Tuesday that an outside group or individual attempted to hack into its IT network.
According to Carleton, any Microsoft Windows-based system accessible from the main university network may have been compromised and the university warned users that ransomware messages demanding bitcoin payments may appear on their devices.
U of T suffered two security breaches in 2014. A hacker gained unauthorized access to the Department of Computer Science’s computer security. In another incident, scammers accessed the personal information of medical students — including their credit card numbers — by releasing a virus onto a U of T server.
Mike Wiseman, the IT Security Team Manager at U of T, told The Varsity that the university is “constantly monitoring for cybersecurity issues and making adjustments as needed.” After the University of Calgary hack, Wiseman says U of T re-examined its own processes and services and ensured it was protected from “unauthorized attacks.”
“As you can imagine, the technology changes drastically, and we always need to be aware of new issues and new techniques,” said Wiseman. “And so the University has undertaken several initiatives recently to address the overall cybersecurity environment.”
Among them is the university’s high-level Policy on Information Security and the Protection of Digital Assets, which was finalized in February 2016. According to U of T’s Information Technology Services’ website, the policy was created in response to the increasing risks of cyberattacks and physical manipulation of U of T’s information security.
The policy aims to “protect the privacy, confidentiality, integrity, and availability” of U of T’s data and systems and guide the actions of U of T community members with access to these systems and this information.
U of T also launched an information security awareness program that helps staff, faculty, and students detect online risks to their personal information.
The university is in the process of hiring a Vice-Provost & Associate Vice-President of Digital Strategies.
Wiseman says U of T is “rolling out” Information Risk Management Program Services, to help departments and faculties plan new projects and services with a focus on cybersecurity. For example, a department looking to create a new website would consult the risk assessment service, which would help them increase security on the website.
According to Wiseman, making these security considerations early is key to protection against malware and other cyber threats.
“You can’t get a perfect result when you’re trying to protect in the security realm,” says Wiseman. “But you can get to the point where you have done everything and put effort into all these recommended areas, and that goes a long way to protecting your organization and your people.”