
โItโs just a sign of the times,โ said Jason Testart, director of information security services at the University of Waterloo, on the growing concern over cyber security at Canadian universities.
In an environment that celebrates the sharing and accessibility of information, there are ever-present concerns over the security of intellectual property.
But does this issue pose a serious threat to university databases? Testart doesnโt think so.
โI mean the way I see things, if you look at information security itโs essentially a practice of risk management,โ explained Testart. โSo what we do here at Waterloo anyway, we assess information that is a higher value, or higher risk, and we ensure that that information, that the vulnerabilities are reduced or eliminated. There are levels of security; there are levels of attention we take to the information. We take the personal information of students pretty seriously.โ
Testart could not comment on the exact number of cyber-attacks that the universities are experiencing, although he did say that they come from all over the world.
The increasing use of what are called โbotnets,โ a group of compromised computers that are used by an attacker to access databases from all over the world, makes it increasingly difficult for security services at Canadian universities to identify exactly where they are being targeted.
โMost attackers will, what I call, proxy their attacks through intermediate computers that have been compromised. Another approach they may take sometimes is there are Virtual Private Network (VPN) services that are hosted overseas, which act like a web proxy so all of the connections look like theyโre coming from there, so they hide the originator of the attack.โ
Lori MacMullen, the executive director of the Canadian University Council of Chief Information Officers spoke with The Cord. Like Testart, she was not overly concerned over the threat posed by cyber-hackers.
โUniversities, just because of their inherent nature of information sharing and working with people from across the world, that creates an additional complexity for them,โ said MacMullen. โBut I donโt think this introduces a risk. Do I think itโs a higher than normal level of risk or that theyโre not responding to it? No.โ
Given the sheer number of people accessing university databases from a wide array of areas, some concern is shared over the susceptibility of their networks. The public nature of universities can make their systems more vulnerable to cyber-attacks when compared to private organizations with trusted networks. Testart commented on this issue, again quickly dismissing its severity.
โTen years ago I would have said that โyes, thatโs true.โ However, today with the proliferation of mobile devices and the increase in cloud computing – and when I say cloud computing Iโm talking about things like Google Drive or Dropbox, services like that – I would say, no, weโre not more vulnerable than other organizations.โ
According to MacMullen, over the last decade universities have really improved theirย online security, similar to corporations who are used to setting up what MacMullen calls a โperimeter security.โ
โThey would have trusted networks within the corporation and then anything outside of that is untrusted,โ she said. โBut thereโs a paradigm shift there. Weโre finding a lot of organizations are dealing with this issue of having their data out there. They have a little bit less control over that information, and thatโs kind of leveling the playing field.โ
โFor me personally, security is a growing concern just because thatโs my realm of security so Iโm always concerned with it,โ MacMullen laughed. โAs far as IT in general, I think itโs a growing concern, is it an alarming concern? No. But it is something that has been getting more resources.โ








Leave a Reply
You must be logged in to post a comment.