Campus Incidents Highlight Cyber Security Risks

Often, we don’t realize how important we are. Many of us may think and feel that we are not very interesting to the world around us. We forget that all of us are connected by the technology systems we use.

One person clicking on a phishing email can give malicious actors a door into that individual’s computer. From that computer, those actors can try to find and exploit other vulnerabilities in the network, jumping to other computers and, possibly, to servers. 

The vulnerability options to exploit in internal intranet software increases, as it is often not tested for security as strongly as the internet-facing systems are because that software is expected to be secure behind the firewall.

These incidents have a huge impact on everyday life. 

Image Sourced from onlineapplication.clackamas.edu

For example, just last month Clackamas Community College experienced a comprehensive service outage, on Jan. 19. While investigating, the school’s Information Technology (IT) department realized it was a serious cyber security incident, and contacted law enforcement for assistance. 

This incident led to several additional days of canceled classes, coming just after the severe wind/ice events that affected the entire Portland area and surrounding region. Students and faculty were prevented from accessing many of the college’s systems while the recovery was in progress. 

Nearly a year ago, in March, Lewis & Clark College suffered a cyber security incident involving ransomware from a malicious group known for similar attacks on educational institutions. The malicious group published some of the college’s data on the dark web.

Although identity theft and financial fraud was the main concern of many affected, a breach like this can have many other far-reaching and devastating impacts, depending on what private data is compromised. 

Personally identifiable information is always a top concern. On the lighter side, one of the least egregious examples is to imagine leaked emails from someone who was planning a big surprise party. The surprise could be ruined. Of course, this is a very minor example. It can be much worse for research data around sensitive subjects to be leaked, or planning and strategy data for private or public entities. 

The students and faculty of Clackamas Community College may have had a few extra days off, but now their Winter Term is shortened. Time that could have been spent working toward their education goals has been compressed and further negatively impacted. 

We may never get the full story about what happened at Clackamas, as the IT security team’s job is to do their best to protect that type of information. Published information about these events can allow attackers to hone their attacks for another attempt. Even knowing what operating systems are in use opens doors to others finding vulnerabilities. 

What can we do, individually or collectively, to protect ourselves? 

The succinct advice of Blake Brown, the IT infrastructure and security manager here at MHCC, is, “When IT puts out information about cyber help, don’t ignore it. And if you have the opportunity to take advantage of planned technical training from a cyber perspective, it’s worth it. An event like this affects everybody.”