after University of Winnipeg's recent security breachAfter the personal information of thousands of faculty, students, and staff members was stolen in a cyberattack, one cybersecurity expert said that when it comes to security breaches, the industry is concerned with “not if, but when.” There is a saying that goes, “It's a problem.”
“These are truly traumatic events and extremely destructive to the entire organization and the people within the organization,” Kathy Knight said.
RELATED: Information stolen in recent cyber attack: University of Winnipeg admits
Knight, now an independent consultant and previously executive director of Manitoba Trades and Technology's Cyber Security Center of Excellence, said universities are particularly vulnerable compared to other organizations.
“The thing about universities is that they are very large and complex institutions…and they collect a lot of information and data that is very attractive to cybercriminals. is at the top of the list,” she said.
“The ways in which cybercriminals infiltrate and attack systems are constantly evolving.”
Mr Knight said organizations need to be proactive in minimizing risk because risks are constantly changing. He said ongoing and vigorous security training for all levels of the organization is a best practice.
“You can put up technical barriers. You can have the best firewalls. You can have some of the best policies in place. But perhaps the most difficult part of the whole risk management scenario is the It's about how our staff responds,” Knight said.
“There are a lot of factors you can control, but there are just as many factors you can't control. All it takes is one person clicking on the wrong link.”
As many schools have moved to online learning over the past four years, the risks are higher than ever.
“It's like we're doing all our courses and everything online,” said University of Winnipeg first-year student Keelin Rollou. “This is good from an education standpoint, but perhaps there will be less emphasis on the online side of school going forward.”
Mr. Rollou, whose information was stolen in the cyber attack, says he wants to focus on locking down his information, but because the attack took place during exam time, he is being forced to make difficult choices regarding cybersecurity risks.
“I'm focused on having all my information ready for exams and studying, because right now that's more of a priority than the possibility of my information being used,” Rollou said. Told.
“Now it's more likely that something like that will happen.”
Following news of the attack, the University of Winnipeg offered a two-year credit monitoring service, which Rollou said she plans to take advantage of.
“I'm doing two years of credit monitoring, so I'm just hoping that everything will naturally go in the right direction,” Rollou said.
Knight says the key is to identify the risks post-breach. She encourages anyone whose information has been stolen to call their bank, change their application passwords and enable multi-factor authentication.
“Practice personal cybersecurity hygiene on all your devices. You have to be as in control of your personal information as possible, so you have to think about it,” Knight said.
