Fighting off cyberattacks
Spectre, Meltdown, Wannacry. All are ominous names associated with the newest criminal enterprise—cyberattacks. As the need for cybersecurity grows to combat cyberattacks, Illinois State University’s information security team engages in the delicate balance between safety and transparency.
“If we were 100 percent secure, we would have paper files locked in a vault. We would accept cash only. And nothing would get done,” said Administrative Technologies’ (AT) Director of Information Security Kevin Crouse. “In this job, one of the hardest things to do is keep the organization running while working to keep it safe.”
The hard work is paying off.
Crouse estimated the University gets hit with more than 500,000 cyberattacks each week, a majority of them through “phishing” emails, or emails designed to entice people to give away passwords or account numbers. “Our firewall takes care of most of those attacks,” said Crouse, “but criminals are retooling attacks every day. There is a lot of money to be made in cybercrime.” He estimates around 12-15 can get through each week. Though most of them are easily combatted by the Information Security Office, there are the large-scale attacks that require a different approach.
The cyber vulnerabilities nicknamed Meltdown and Spectre have the potential to impact every computer chip manufactured for the last 20 years. At Illinois State, the identification of Spectre kicked into gear the Cyber Event Response Team, or IT-CERT, that brings minds from across campus to combat larger cyber security issues.
“We first started getting rumblings from threat intelligence feeds,” said Dan Taube, assistant director of Identity and Access Management. When the department’s two analysts confirmed the magnitude of the threat, Taube and Crouse activated IT-CERT. “We began strategizing what the vulnerability meant for the different environments on campus—the applications, the virtual servers, and our external cloud,” said Taube.
The team approach of IT-CERT is important when it comes to conveying information, noted Taube. “During an event, we need everyone working together, but we don’t want them to panic,” he said. “The best way to make sure we are all on board is to have input from across campus.” IT-CERT contacted potentially impacted units and helped to design strategies to maintain the safety of information.
“I will say that I am really appreciative of the cooperation we get from our community,” said Charles Edamala, associate vice president and chief technology officer. “Most of the people we serve and work with do understand when we need to be inconvenient because of a security issue and are patient with us as we work through problems.”
When not facing a crisis, Crouse said the majority of AT’s security work goes into preventing a crisis from happening. “We want to mitigate risk for our 30,000 users, but not at a price where they cannot go to school or do their jobs,” he said. Practices developed by AT and their partners across campus match the evolving nature of cyberattacks. “One example people may have noticed is that they can’t get access to their paystubs from off-campus anymore,” said Taube. “The move is designed to reduce the risk of criminals getting to financial information. We also know it might be inconvenient for people, but it is also to protect their information.”
Working with departments and individuals to understand why changes are made is vital to the success of information security, said Crouse. “Our interest is what is best for the University, but we don’t want people to feel as though we are trying to ruin their lives,” he said with a laugh. “We try to find the least inconvenient way to impact a student, faculty, or unit.” That attitude is especially important for work on a university campus, Crouse added. “In the corporate world, IT are usually the people who say ‘no’ to everything, but that does not work in academia,” he said. “There has to be an explanation for a change. And we feel it’s important to have an answer to the question why.”
“IT security is dependent on every person with access to systems at the University,” added Edamala, “We are literally only as strong as our weakest link. So take care to create strong passwords and be careful what link you follow off your email or other documents. If you handle sensitive information, be sure to follow proper security recommendations.”
Taube encouraged the campus community to view Tech Alerts about phishing scams on the My.IllinoisState.edu portal. “When it comes to cyberattack, knowledge really is power,” he said.