Cyberattacks are getting at UW’s information and data

This year marks the 14th annual National Cyber Security Awareness month, co-founded and led by the U.S. Department of Homeland Security and National Cyber Security Alliance.

The program was designed to educate the public with events that raise awareness about the importance of cybersecurity. The vision is to provide people with the tools and resources needed to stay safe online as well as increase the resiliency of the country in the event of a cyber incident.

UW Seattle’s Office of the Chief Information Security Officer, also known as CISO, is hosting a series of events for students that will take place on each of the UW campuses including weekly presentations such as: Security 101, Building Situational Awareness, Deep Dive on the Dark Web and Digital Forensics. Monthly briefings in October through December will also be offered to stimulate conversation amongst faculty, IT professors and students on various topics.

Many students underestimate their risk of a cyberattack thinking they aren’t a big enough target; however, everyone is at risk.

Chief Information Security Officer Kirk Bailey said, “Despite our best collective efforts, every once in awhile the cyber hackers score a win. Sometimes valued data is accidentally disclosed. In the current cybersecurity landscape, these scenarios are easily inevitable.”

Over the last several years, cyber hackers have gained significant advantages and those defending their information and data are lagging behind because compliance requirements and out of date operating standards decrease the value of traditional approaches.

“Current security programs are largely standards-based and reflect an unrealistic ‘one size fits all’ mentality,” Bailey said. “To make matters worse, those outdated standards are often used as a blueprint for cyberattacks.”

CISO’s strategic approach to protecting UW’s information and data is managing risk on the “assumption of breach.” This method pragmatically supports the university by balancing risks and creating situational awareness about sophisticated cyberattacks.

The Security 101 meeting Oct. 24 in Cherry Parkes presented information to help UW employees understand the risks and responsibilities of protecting UW institutional data.

Melissa Albin-Wurzer, information security analyst for CISO, said, “Cybercriminals are using increasingly sophisticated methods to target universities and develop convincing phishing messages.”

According to CISO’s annual reports, there was a 298 percent increase in compromised UW NetIDs from 2014 to 2015. The top two reasons for this were attempted spamming emails and phishing websites. To help this problem, CISO has put priority on providing students information regarding cyberbased threats.

The number of malware and phishing attacks aimed at UW students are not expected to see a significant decrease in the next few years. However, CISO has been educating the public on how to avoid the traps. An audience member at the Security 101 meeting asked how the university can catch the phishing emails that students may be receiving.

Albin-Wurzer replied, “The best way a student can let the institution know of any suspicious emails is by contacting help@uw.edu.”

She then continued to talk about the prevention of cyber attacks.

“Other ways students can protect their devices from malware or phishing websites is by not clicking on any links,” Albin-Wurzer said. “Use anti-virus software. Sophos Anti-virus software is available to all UW students free of charge.”

A professor who works in IT at UWT asked what the institution’s solutions are for cyberattacks on UW servers.

“All faculty is required to take online training so they are aware,” AlbinWurzer replied. “This year UW also launched Duo, a new two-factor authentication system, for extra privacy.”

CISO plans to host more informational sessions every year on all of the UW campuses so faculty and students are aware of the dangers of cyber attacks and how to prevent them.