They don’t wear uniforms, they don’t pack heat and they don’t drive a squad car with lights and sirens. But the staff at TRU’s Information Security Office spend a large part of their days hunting down what software analyst Rick Walker calls “the bad guys.”
In the first eight months of this year, TRU software analysts Walker and Amy Sampson have handled more than 17,000 incidents – a litany of efforts aimed at everything from conning email recipients to sending money or credit card information to infiltrating the university’s computer network.
That’s after the filters and other security systems that have been put in place have warded off a barrage of spams and scams that can reach as many as 50,000 a day. Those emails don’t even get through to staff and faculty.
“We block it from coming in so you don’t even see it,” said Walker.
Anyone at TRU who has forwarded a suspicious email to email@example.com has likely received a thank you from Walker for helping the team block out those bad guys. As quickly as programs are developed to make computers secure, someone is working on a way to compromise it. The battle requires constant vigilance.
“Things change a lot and they change fast,” he said. “We take everything very seriously.”
TRU Director Information Security Hugh Burley said in the last 10 years, TRU has seen a dramatic increase in hacking for profit, such as ransomware, sextortion or theft of information for resale to the highest bidder.
“The number of threats from the use of computers are quite numerous and include everything from A to Z (Anonymous hacktivism and Advance persistent threats to Zero day malware and Zombie cyberattacks),” he said.
“That said, nation state hacking has also increased dramatically, with millions of scans and penetration attempts seen every day against TRU’s firewalls. The current estimates of cost per breached record are hovering around $214. With the hundreds of thousands of student, staff and faculty records held by TRU, it is easy to see how a breach could run into the millions of dollars. In fact, the average cost of a major breach in Canada was $6.11 million in 2017.”
Walker described one scam scenario in which an administrator or financial officer goes on holidays. The phisher finds out the person is away (a word of advice: do not disclose your upcoming holiday plans on Facebook or other social media) and sends an email to someone else in the department, pretending to be the boss. That person is told by the fake boss that he or she forgot to do an e-transfer or other financial transaction with a company before he or she left and is asked to complete it.
New TRU employees know Walker because he runs security awareness workshops. He offers three different one-hour sessions (with prizes and chocolate as incentives) that anyone can attend: faculty, staff and students. These sessions come up a few times a year and he usually has some interesting war stories as well as advice. And chocolate.
Some university staff and faculty are as enthusiastic as Walker about catching bad guys, so they send him every email scam they get. He calls them champions, because they help in the fight to keep TRU cybersecure.
Burley said in 2017, 600 staff, faculty and students submitted more than 14,000 reports of suspicious emails to the Information Security Office at firstname.lastname@example.org. TRU has invested in technologies including multiple next-generation firewalls, endpoint security with advanced malware defeating components, email gateway controls and security incident and event monitoring tools run by a 24/7 security operation centre.
Additionally, his department is building effective policy controls, provides ongoing awareness training and has rapid incident response capabilities with the recent addition of a second information security analyst. Overall spending on Information Security is expected to reach 11 percent of the TRU ITS budget in the next year.
There are always clues that an email isn’t what it seems to be. First, look at the return email. Is it from the same source? If it doesn’t fit in with the email, such as a bank request coming from a return email at lovepillows.com, chances are it’s fake. Banks don’t ask for PIN numbers or other personal information online. If a request comes to you and it looks legit – the logos are from the right bank and it all seems official – don’t answer by email. Call the bank or go down in person. And think, why would your bank be emailing you at your work address?
“What’s the most valuable thing on your computer? Information,” said Walker.
Opportunities for cyberattacks are only going to grow as the number and types of computer devices increases along with use of cloud services, because on the other side, the scammers and phishers are always working to find new ways of gaining access and breaching security.
“The Information Security Office is working to provision solutions for these issues proactively but it is clear that staff, faculty and students will play the most important role in protecting the university and themselves from cyberattacks,” said Burley.
Tips to staying secure:
- Do not rotate passwords, ever.
- When you create a password, use a phrase instead of a word. Make it longer than eight digits, using at least one capital, a number and a special character. For example, you could use “truschool” but spell it TrUSch001*, with zeros instead of the letter o.
- Use TRU’s Sharepoint, which is encrypted, backed up and stored at TRU.
- Do not use Google Docs for secure items, as it is backed up to third-party servers, the NSA can request access and not tell you and it’s hosted in a foreign country.
- Don’t click on suspicious emails. Report them to email@example.com.
- Restart your computer rather than putting it into sleep mode every night. Restarting ensures it applies any updates. Keep all your computing devices up to date.
- Use different passwords for different accounts.
- Attend the security awareness sessions offered by the Information Security Office.
- Get more information about how to stay secure.
By the numbers:
- Number of spams per day TRU IT staff filtered out in 2015: up to 3,000
- Number of spams per day TRU IT staff filters out in 2018: up to 50,000
- Number of email accounts at TRU: about 4,500 staff, faculty and generic accounts and about 40,000 student accounts
- Number of passwords IT software analyst Rick Walker has: 83
- Global cost estimate to repair ransomware damage: $11.5 billion in 2019
- Amount paid by University of Calgary in ransomware attack in 2016: $20,000
- Amount demanded by hackers from Carleton University in ransomware attack in 2016: $40,000
- Loss to MacEwan University in Edmonton to phishing emails in 2017: $11.8 million ($10.92 million was eventually recovered at an additional cost of $250,000 to the university)
Computer security is a global concern. Read about the infiltration of the Maersk shipping system worldwide in this Wired magazine article.