Two cybersecurity articles caught my eye today. One discusses ransomware attacks on universities and quotes my colleague Kim Milford, executive director of REN-ISAC, Research and Education Networking Information Sharing and Analysis Center, which is based at IU. The other article discusses research from the Pew Research Center that shows Americans surveyed are generally loose with their password security while also doubting government agencies can protect their data.
In Inside Higher Ed’s article Your Data or Your Money: Hackers are locking colleges’ data away and demanding payment to return it. But paying the ransom raises new issues, experts say, experts say paying the ransom when a ransomware attack locks you out of your data and threatens to make it unusable doesn’t always solve the problem.
“It has to be a case-by-case decision,” Milford is quoted as saying. The article’s reporter said Milford encouraged colleges infected with ransomware to ask themselves the following question before deciding whether to pay: “Can we carry on with our business without this vital information that is being held ransom?”
Ransomware has been around since the 80s, according to the article, but has become a more common threat in recent years. Sometimes data is not restored even after the ransom is paid.
“What we find in cyberthreats is once somebody shows success, everybody is happy to exploit that success,” Milford said. “If they pay the ransom and it gets publicized, people start targeting them more and more and more. It’s a slippery slope.”
The other article, Americans and Cybersecurity: Many Americans do not trust modern institutions to protect their personal data – even as they frequently neglect cybersecurity best practices in their own personal lives, discusses Pew Research Center studies of the digital privacy environment and a 2016 survey that looked at cybersecurity habits and attitudes.
According to the article: “A majority of Americans (64%) have personally experienced a major data breach, and relatively large shares of the public lack trust in key institutions – especially the federal government and social media sites – to protect their personal information.”
It also found that “many Americans fail to follow cybersecurity best practices in their own digital lives.” Instead of using password management software, for example, it’s common for survey participants to memorize their passwords or write them down on a piece of paper.
The article also provides resources and tips for improving personal data security, such as Top-10 safe computing tips from Information Systems and Technology at MIT and 7 password experts on how to lock down your online security.
Public Safety and Institutional Assurance falls under the Office of the Executive Vice President for University Academic Affairs and the Office of the Vice President for IT and CIO.