In 2010, the Internet Crime Complaint Center (IC3) received 303,809 cyber crime complaints. Compared with the 16,838 complains that the IC3 received in 2000, the 10 year trend shows the significant increase in cyber threats and the corresponding need for information security.
Last October, Shawn Henry, Executive Assistant Director of the Federal Bureau of Investigation, addressed the cyber threat in an address to the Information. He stated that “some of the most critical threats facing our nation emanate from the cyber realm”.
Saint Louis University has responded to cyber threats by forming an Information Security Team. The Team was formed to educate the SLU community of information technology threats and respond to students in event of an information technology security incident.
According to Affan Waheed, Information Technology Services Director and Information Security Officer, the University saw an opportunity to enhance security infrastructure and formed the Information Security Team.
He explained that a host of threats exist for information technology environments, especially environments that contain sensitive information such as medical records. SLU’s Department of Information Security also receives notice from government agencies of ‘advanced persistent threats’, which sophisticated and organized cyber attacks.
“Because we’re custodians of the data, we have an obligation to protect it. Threats come in a variety of areas—people are trying to steal, to find space on networks to host illegal programs…there’s a variety of threats,” Waheed said.
Waheed said that the first task of the Information Security Team was to create awareness of information security threats and define the perimeter of what the team is trying to secure. The team did an assessment of the University’s risks and infrastructure. Waheed said that a crucial component of information security is keeping technology updated.
“Having a PC where we don’t pay attention to what software lives in it, whether it’s gone beyond its end life or beyond the support it’s providing [are risks],” Waheed said. “Those are risks that make us vulnerable to the outside.”
Waheed explained the need for upgrading operating systems through vendor-released ‘patches’. He said that the patches include data which show how the downloader is now secure, but also shows cyber criminals the vulnerabilities of those who have not updated their software.
“That’s what people use. People think hackers are the smartest people in the world. They’re criminal minded people that exploit people’s vulnerabilities. All that it takes is time,” Waheed said.
He also said that the key to information security is awareness of threats and preventative techniques. Waheed said that students should keep their spyware and antivirus software updated, not sending confidential information such as passwords and credit card information via email, and ensuring that when shopping online, students ensure that the site is secure.
“Look for basic parameters for security. A secure website has a secure socket layer certificate and in the browser bar has ‘https’,” Waheed said. “If someone’s making a decision on the internet to buy something from a site that doesn’t have those security parameters, it’s a risk they’re taking.”
Waheed also said that sharing copyrighted material through software such as BitTorrent can pose significant risks for students. He said that the University receives notification of copyright violations if the violation occurs on one of SLU’s IP addresses, and that “it’s not worth the risk”.
Despite information security threats, Waheed said that knowledge and awareness will keep users safe.
“We’re trying to be as proactive as we can. With five to six thousand computers, 8,000 staff members and the student body, the possibility that someone will download something with vulnerabilities exists,” Waheed said. “You can’t deny that. But we’re doing to monitor and mitigate has shown success.”
Junior Eddie Desecki agreed that information security can be achieved by staying sensible on the internet.
“Just keeping your information to yourself and staying off sketchy websites should keep you safe,” Desecki said. “I mean, I wouldn’t go give my credit card information out to a stranger, so why would I give it to strangers online?”
