Cyber hackers target schools

(Photo by Heather Davidson)

“It’s just a sign of the times,” said Jason Testart, director of information security services at the University of Waterloo, on the growing concern over cyber security at Canadian universities.

In an environment that celebrates the sharing and accessibility of information, there are ever-present concerns over the security of intellectual property.

But does this issue pose a serious threat to university databases? Testart doesn’t think so.

“I mean the way I see things, if you look at information security it’s essentially a practice of risk management,” explained Testart. “So what we do here at Waterloo anyway, we assess information that is a higher value, or higher risk, and we ensure that that information, that the vulnerabilities are reduced or eliminated. There are levels of security; there are levels of attention we take to the information. We take the personal information of students pretty seriously.”

Testart could not comment on the exact number of cyber-attacks that the universities are experiencing, although he did say that they come from all over the world.

The increasing use of what are called “botnets,” a group of compromised computers that are used by an attacker to access databases from all over the world, makes it increasingly difficult for security services at Canadian universities to identify exactly where they are being targeted.

“Most attackers will, what I call, proxy their attacks through intermediate computers that have been compromised. Another approach they may take sometimes is there are Virtual Private Network (VPN) services that are hosted overseas, which act like a web proxy so all of the connections look like they’re coming from there, so they hide the originator of the attack.”

Lori MacMullen, the executive director of the Canadian University Council of Chief Information Officers spoke with The Cord. Like Testart, she was not overly concerned over the threat posed by cyber-hackers.

“Universities, just because of their inherent nature of information sharing and working with people from across the world, that creates an additional complexity for them,” said MacMullen. “But I don’t think this introduces a risk. Do I think it’s a higher than normal level of risk or that they’re not responding to it? No.”

Given the sheer number of people accessing university databases from a wide array of areas, some concern is shared over the susceptibility of their networks. The public nature of universities can make their systems more vulnerable to cyber-attacks when compared to private organizations with trusted networks. Testart commented on this issue, again quickly dismissing its severity.

“Ten years ago I would have said that ‘yes, that’s true.’ However, today with the proliferation of mobile devices and the increase in cloud computing – and when I say cloud computing I’m talking about things like Google Drive or Dropbox, services like that – I would say, no, we’re not more vulnerable than other organizations.”

According to MacMullen, over the last decade universities have really improved their  online security, similar to corporations who are used to setting up what MacMullen calls a “perimeter security.”

“They would have trusted networks within the corporation and then anything outside of that is untrusted,” she said. “But there’s a paradigm shift there. We’re finding a lot of organizations are dealing with this issue of having their data out there. They have a little bit less control over that information, and that’s kind of leveling the playing field.”

“For me personally, security is a growing concern just because that’s my realm of security so I’m always concerned with it,” MacMullen laughed. “As far as IT in general, I think it’s a growing concern, is it an alarming concern? No. But it is something that has been getting more resources.”

Leave a Reply