McMaster has beefed up its cyber security infrastructure. The University’s Technology Services department now employs four full-time Information Technology security specialists, compared to only two in the past.
The change comes amid growing concern over the prevalence and severity of hacking attempts directed at post-secondary institutions.
“[Attacks] happen daily,” said Paul Muir, McMaster’s new Systems Integration Specialist. “And [they] happen to a lot of systems across campus.
Many of these attacks are relatively unsophisticated, and rely on tricking users into giving up personal information.
“We see the vast majority of compromises coming in through the vectors of phishing and bad, malicious websites where bad code gets run on your computer without your knowledge,” said Richard Godsmark, the senior manager of the IT Security department. Godsmark came to McMaster from Wilfred Laurier University to help develop the university’s security systems.
The fact that many people are not aware of all the dangers they face when casually browsing the internet makes it easy for hackers.
“When you’re on the internet, you feel you’re in a safe place […] and so the chances of being munged online are far greater, and you may not necessarily know it,” explained Godsmark.
For this reason, IT Security spends their time not just directly stopping hackers, but also trying to educate people on campus about how to protect themselves on the internet. October is recognized internationally as Cyber Security Awareness Month, and the department is using the event to kick-start some local initiatives. Primarily, they are trying to boost their campus presence with a poster campaign, active Twitter account and weekly McMaster Daily News posts.
Godsmark encourages people to be more aware of the information about themselves they post online.
“The great thing and the worst thing about the internet is once you put it there, it’s there, and it’s very hard to pull that information back out,” he said. “Everyone has a role in security, whether they know it or not.”
The need for a new strategy was thrown into sharp relief last year when McMaster was targeted as part of an ambitious, sophisticated “hacktivist” attack. Hacktivism is a growing phenomenon in which tech-savvy internet activists band together and target the websites and data of organizations or companies whose policies they find objectionable.
Last September, one such group targeted the top 100 universities in the world in protest of rising global tuition fees. They successfully broke into some of McMaster’s systems, although Godsmark says they compromised no sensitive data.
“What they ended up seeing wasn’t actually core systems, it was a couple of faculty servers that in reality had some stale information in them.”
However, the main goal of the attack was not necessarily to steal important university data. Rather, “it demonstrated the fact that they were able to access our information,” said Godsmark.
This year, there are twice as many IT Security specialists as there were at the time of the attack.
“We’re here to protect not only the intellectual property of the organization, but the private information of individual students, staff, and faculty,” said Godsmark. “It’s very important.”