When was the last time you forgot your laptop or phone at a coffee shop, bookstore, library, or restaurant, only to find it still sitting where you left it when you rushed back in, panicked, a few minutes later?
When was the last time your car, office, or home was broken into and something was stolen, but you weren’t sure what? These are places you think are secure, perhaps even alarmed, but were still vulnerable.
We usually think of something like this in terms of what we would have lost (“my whole life is on that phone!”) rather than what someone else might have gained. But was there a USB key sticking out of your laptop? Is your phone password-protected? Is someone else’s personal information on any of your devices? Can these devices be used to access other systems?
When we relax our attention, these thefts are more frequent and other security threats become more prevalent. We need to build awareness and ensure we have the resources to build prevention into our technologies and services.
Most people in our communities are unaware of the massive number of attacks that occur behind the scenes on our systems. Occasionally, an individual may get caught in a phishing attempt, or maybe they get a virus or malware on their personal computer. These threats are only a fraction of the threats out there and even though the personal costs may seem significant for those impacted, the cost of prevention and remediation to the organization as a whole is a significant part of our operations today.
We need to be aware of these threats and we all need to ensure we do what we can to help identify and prevent them.
In terms of email we see an incredible amount of spam and malware coming to our border. At Queen’s, we might see about 14,000,000 incoming messages in a given month and close to half of those messages are intercepted at the edge and rejected as spam. The University purchases and maintains special hardware to make sure the vast majority of these messages don’t make it to your inbox.
Through public education, the community is becoming more aware of phishing attempts and usually ignores them, but accounts are frequently compromised and Queen’s has to expend considerable resources to mitigate the risk that these accounts pose. Occasionally these accounts send out massive amounts of spam. ITServices has to keep scripts in place to identify and throttle these accounts before Queen’s is blacklisted and our email systems come to a crawl. Information can also be stolen from these accounts and the costs to repair that are hard to quantify. At the moment we only scan Queen’s outgoing email for spam, but there are tools that prompt machines to scan email for things like SIN and Credit Card Numbers and notify the user to a double check before they let the message go out.
This isn’t unique to Queen’s and in the last few days we have seen the following posts at Western and Carleton, reminding the community about threats.
At Queen’s, we also run an intrusion detection/prevention system on our network. Between January 14, 2013 and January 14, 2014 we blocked just under 20,000,000 ZeroAcess Bots connection attempts. These are a type of Trojan horse malware that affects Windows systems. In addition, we blocked over 700,000 ICMP: Nachi-like Ping attacks, which is a family of Worms that attack systems.
There are thousands of other attacks and the threat is significant.
On top of the intrusion detection system, we need to ensure our services and servers are not vulnerable to these attacks and exposures. In 2013, Queen’s did 231 security assessments, some with external resources and some with internal resources. These take a lot of time, but they are preventive in nature and well worth the mitigation that they deliver. We plan for these assessments to be done on new services as well as services that have undergone upgrades. We also monitor what is happening elsewhere and assess where we feel there may be heightened risks.
In addition, we have numerous compromises that we have to deal with on an emergency basis. The assessment, mitigation, and recovery take significant effort. Not all of these compromises are preventable, but education, knowledge, and awareness do come into play.
I hope this information has increased some awareness around the number of threats that Queen’s faces and reinforced the notion that security is a concern for all of us. We need to have strong policies in place, make sure there is user-awareness, that individuals have access to the tools they need, and that we invest appropriately to prevent intrusions and their associated clean-up costs.