By Scott Strasser, October 25 2016 —
Professional services firm Deloitte presented on cyber security at a University of Calgary Board of Governors meeting on Oct. 21.
Deloitte’s presentation highlighted the prevalence of cyber attacks on public institutions. Justin Fong, a partner with Deloitte’s cyber risk services, spoke about how common cyber attacks are in the post-secondary sector.
U of C vice-president finance and services Linda Dalgetty said the presentation was important.
“The presentation was about how we become secure, vigilant and resilient in terms of cyber security,” she said.
In his presentation, Fong stated that 17 per cent of data breaches are in the advanced education sector and that education ranks third among the top 10 most-attacked sectors. He cited magazine EdTech’s statistic that 1.35 million personal identities in the education sector were exposed to hackers in 2015.
Fong’s presentation also highlighted three significant IT breaches in North American post-secondary education within the last two years — the 2013 data disclosure at Stanford University, the 2014 FBI alert following a Nation State Attack on the Penn State University engineering department and the 2015 defacing of the Harvard University political science website.
Dalgetty said phishing and other cyber attacks on universities have become more sophisticated in recent years. The U of C fell victim to a few phishing attacks — emails that ask users for sensitive information like usernames and passwords in order to access their accounts — last year.
“That’s a lot of what Justin talked about — the evolution of how cyber crime is escalating, the rate at which it’s escalating and its sophistication,” Dalgetty said. “They used to be in broken English, they looked funny. You could pick them out of a lineup from a mile away and think, ‘okay, this is someone trying to get at my data.’ Well, now they look real. Now they look like they came from the right person. They’ve got the right logos, the right salutations.”
Cyber security has been a priority for the U of C since the university’s server was hit by a ransomware attack earlier this spring.
In May, the U of C was forced to pay the equivalent of $20,000 Canadian in bitcoin to an unknown hacker who disabled access to several U of C computer services, including the AirUC-Secure Wi-Fi network and Office 365 webmail. The university paid the ransom in order to restore access to the computer services and rescue files before they were potentially lost.
“We’ve done a lot of work on campus — we’ve done townhalls, UToday stories, we’ve talked about this at General Faculties Council. We felt it was important to bring the [Board of Governors] up to speed on the same items,” Dalgetty said. “As we become more technologically adept, cyber security issues are going to become more profound.”
In response to the ransomware attack, the U of C bought cyber insurance and underwent an IT policy update this summer — the university’s first IT policy update since 2007.