As one local institution continues to deal with the impacts of a cyberattack, an expert suggests more proactivity is needed.
On Sunday, the University of Winnipeg (UW) discovered it was the victim of a cyberattack, which it said targeted the school’s network. The incident saw classes cancelled on Monday, internet downed and, most recently, exams delayed.
Carmi Levy, a technology analyst, said this falls in line with a growing pattern.
“We almost can’t go a day without hearing news of another high-profile attack,” he said, adding that the spur of activity leads other cybercriminals to think “they can get in on it as well.”
“So, what we’re witnessing here really is a pile-on experience where they see an opportunity and go for it.”
He said universities are large targets for cybercriminals because of the information and data they hold.
“It’s almost like moths to a flame. And, of course, there are many different systems that universities use to gather and access and manage that data, which gives cybercriminals many entry points in to gain access,” Levy said.
Along with being a public organization that has lots of stakeholders, confusing the digital landscape, he said they are rich grounds for hacking, not to mention usually a little underfunded in the cybersecurity department.
Get breaking National news
“We know full well that many public-facing institutions, including governments, universities, health-care institutions, often struggle with cybersecurity because they don’t have the money,” he said.
“They can’t hire the people, they can’t buy the technology to protect everyone in every situation. So you put all of that together, and it’s almost like an ideal scenario for cybercriminals to target.”
Levy said protection boils down to a needed shift in culture.
“Up until now, (cybersecurity) has not been front and centre when universities and other publicly facing institutions plan their technology investments; it’s often treated as a form of insurance. Nobody wants to talk about it because it’s kind of taboo.”
Plus, there is an element of shame and embarrassment associated with being caught in an attack of this nature, making people quiet down, he said.
“Cybercriminals count on us not talking about their attacks,” he said, “but that only makes it easier for them to execute additional attacks.”
Practically, more training on online red flags is also necessary.
“Many of these attacks are often initiated by an employee clicking on the wrong thing in a phishing or spear-phishing email. And then, of course, that allows the attack to proceed,” Levy said.
The things to watch for are messages asking for a link to be clicked. They may even look like they are from someone familiar.
“Always hover over the email address and the testing address of messages that come in to you to make sure that it is, in fact, coming from the legitimate source, not someone pretending to be them,” he said.
He noted potential threats are looking more legit as technology, and access to quality technology, advances.
UW said it is “continuing to investigate the incident to better understand its impact on the university,” will be holding a town hall with updates soon and is posting updates at uwinnipeg.ca.
It said the academic term has been extended.
Levy said it could take months for the school to bounce back from this.
Comments