With hacking incidents rampant, schools like the University of Iowa need to improve their cybersecurity to protect student information.
Hacking is an unfortunate commonality in our networked online society. Every other week it seems like another high quality database or critical piece of infrastructure is being hacked.
The University of California saw this firsthand earlier this year when it suffered a ransomware attack through its security provider Accellion. The hackers tried to scare the targets to give them large financial sums of money and threatened to put all of the targets’ vital information online so that everyone can see if it is not.
The attack not only affected the school, as up to 300 other authorities and institutions also rely on this provider to securely transfer files. The hackers kept their promise by posting private information online from University of Maryland employees.
The University of Iowa and other high learning institutions won’t be immune from this. Given all of the very important and personal information about students held in the university databases, this should be alarming.
The university has a website for the Office for IT Security and Policy on all aspects of IT security. The university is currently committed to an Institutional Data Policy in which “the confidentiality, integrity and availability of institutional data must be guaranteed in order to meet legal, official and administrative requirements”.
These guidelines seem to be a sufficient foundation for the university to provide sufficient security. But hackers and data thieves are almost always one step ahead of such defense systems by nature. These defense systems always respond to known vulnerabilities and are unable to search for vulnerabilities that they do not know exist.
An incident of this type was discovered back in November and December last year by Jim Ridolfo, Assistant Professor at the University of Kentucky, and William Hart Davidson, Associate Dean of Graduate Studies at Michigan State University’s College of Arts and Letters.
Hundreds of college websites had been hacked by Essay Mills, a company that aimed to provide fraud services to students at a high price.
What if these hackers and hacking companies were after more nefarious data, such as student credit card and banking information, addresses, and other information often used for identity theft and fraud purposes?
Identity theft is a more common tactic today, and perpetrators are more excited about the financial prospects. Identity theft incidents have already increased – as of 2021, 42 percent of Americans will face some form of identity theft. Institutions like universities would not have been wiser for this to happen until it was far too late.
As far as we know, the UI cybersecurity seems to be working. However, this may not be the case tomorrow and the university is not trying to get one step ahead of these nefarious agents as this is a very new problem, the dangers of which society has not yet fully grasped.
The university must embrace the idea of putting all of its resources into cybersecurity and data protection. She cannot afford to have a “wait and see approach”. Our data and the information it has about students is almost more deadly than anything we can imagine in the wrong hands and needs to be protected as securely as possible.
The user interface needs to think a step ahead and now take more steps to protect its software instead of waiting for something to happen.
The columns reflect the opinions of the authors and are not necessarily those of the editor, The Daily Iowan, or any other organization that the author might be involved with.