Consider This: Cyber Security in Higher Ed

Cyber and information security are presently top-of-mind in the higher education sector. Apart from its people, information is the most…

Image for Post

Cyber and information security are presently top-of-mind in the higher education sector. Apart from its people, information is the most critical and valuable asset at a university. It stands to reason that universities are mindful about protecting their crown jewels. It’s also not a big stretch that university information and systems are coveted targets.

A wide range of bad actors will try to covet a university’s intellectual property and information. These actors seek various categories of information of value to them, including research, intellectual property, passwords, and personal and financial information. The types of actors include state/government sponsored coverts, organized criminals, clandestine single cell criminals, hacking activists known as “hacktivists”, the curious/bored/mischievous, and others.

In addition to threats from malicious actors, humans can prevent risks in the form of unintentional errors and mistakes. Studies find the majority of information security breaches sustained by an organization stem from within their own ranks, and the majority of those are unintentional.

Furthermore, environmental and non-human factors, such as natural disasters or water damage, also pose risks to university information and systems.

Given all that is at stake and the persistent risks and threats, cyber security is number one on the Educause 2017 Top IT Issues list, ahead of other pressing priorities like student success and completion, data-informed decision making, and sustainable funding.

Why is information and cyber security the top IT issue? Again, information is the University’s most critical and valued asset apart from its people. There are those with the means, motive, and will to steal or damage university information and systems. Adequately safeguarding the university’s most prized resources is critical yet challenging, as demonstrated all too often by breaches in the higher education sector.

Universities have sustained more high-profile cyber security incidents in recent times, too. An onslaught of email phishing campaigns have been directed at universities over the past few years with no signs of reprieve. Some of these are very targeted, known as spear phishing, where attackers research their would-be victims to craft convincing and effective email scams. In other incidents, un-patched and/or insecure systems are exploited by intruders. The intruder ex-filtrates information or they turn the university computers into their “robots or zombies” to attack or infiltrate yet another organization or several organizations. Some attackers use malware to encrypt university data, hold it hostage, and demand a ransom payment for the decryption key.

University information and cyber security practitioners are hard at work preventing, preparing, containing, responding, and improving. That said, one of the best and most important controls for cyber security is people. Faculty, staff, and students are at the frontline of many cyber attacks and are therefore in the best position to thwart them. Cyber security is top of mind at universities, and individually, we must all be vigilant, diligent, and mindful to not fall victim. When facing the opportunity to not relinquish sensitive information, to not spread malware further, and to not be the gateway or stepping stone that further propagates an attacker’s foothold, people are the university’s best cyber security asset.

October is Cyber Security Awareness month. Cyber Security Awareness Month is an internationally recognized campaign held each October to inform the public of the importance of cyber security. For more information on this and information/cyber security, visit the University of Alberta’s new Chief Information Security Officer’s (CISO) website at:

Gordie Mah

Image for Post

Gordie Mah

Chief Information Security Officer (CISO), Office of the Vice-Provost and Associate
Vice-President (Information Services and Technology)

780.492.8607 |