October is Cybersecurity Month at URI and across the nation. With data breaches reported on a regular basis, and new cyber threats—from ransomware attacks to identity theft—emerging daily across the globe, it’s evident that everyone must be aware of cybersecurity and of their own vital role in it.
URI is embarking on a month-long email marketing campaign aimed at sharing tips and vital information with faculty, staff, and students—all aimed in keeping information secure. A member of the URI Communications and Marketing team recently asked Karlis Kaugars, URI’s chief information officer, a number of questions on this vital topic.
5 questions with URI IT and cybersecurity expert Karlis Kaugars
1. What is the most widespread cybersecurity threat we should be aware of in the U.S. and here at URI?
Business Email Compromise (BEC) continues to target both the public and private sector. This threat attempts to use email attacks to gain access to confidential or highly sensitive information. A university is an attractive target not only for identity thieves but also various foreign entities that find tremendous value in the intellectual property of our world-class faculty. From hull designs to electronics and pharmaceuticals, we are engaged in research vital to our national interests, and industrial and state-sponsored hacking threats are and will continue to be of significant concern.
2. What is your opinion on how big technology companies, such as Facebook and Google, use consumer data?
It seems clear, given the recent news reports about the misuse of our personal data, that these organizations have not done an adequate job of disclosing how they are using our data. This is true for not just the large tech companies, but many individual startups as well, and we should all keep in mind the phrase “If you are not paying for it, YOU are the product to be sold.” Much of the economic model of the tech boom is built on selling data about individuals.
Tech firms should be required to clearly state what information they will be selling to whom and be held accountable when they violate these agreements. It may be nearly impossible to write blanket regulation on these issues—each service may offer individual benefits sufficient to offset the marginal loss of privacy, and blanket regulations about data sharing will limit individual freedoms and stifle innovation.
3. Cybersecurity covers a lot of ground. What specific areas of cybersecurity do you think most individuals should be concerned with?
As quickly as we have improved cybersecurity in our data centers and databases, the bad actors have found ways to infiltrate through indirect attacks. Malware apps, bogus links, and spearfishing email are all targeting individuals around the world. We need to harden end-point computers, phones, and tablets, while maintaining a continuous training and education program for our faculty, staff, and students. Most of all, we all need to increase our vigilance against the flood of seemingly innocuous attempts to access our data. Simply downloading a new app and granting access to that app could open up your contacts, photos, phone numbers, calendar, and even Wi-Fi access to hackers.
4. How do we balance our need/desire for new technology (Alexa Home, smart TVs, home systems that run off our phones, etc.) with protecting against cyber threats?
Security must keep pace with innovation. Too many products today do not incorporate even basic security measures. Government and industry need to work together to ensure that security measures are baked in at the design and development phase of any device, sensor or service. Given the current state of cybersecurity in these areas, I would not recommend the purchase of any of these internet-connected devices with the possible exception of an internet TV—and that only if you are willing to share your TV viewing habits with the world beyond your cable TV provider.
5. What initiatives is URI Information Technology Services involved in to help protect against cyberattacks?
Over the past year, we have added staff to this critical area, launched a campus-wide educational and training program, rolled out new email threat protection systems, offered new encrypted data storage options to our community, developed high-security computing environments, and taken many other actions to improve cybersecurity at URI. We have an outstanding IT Security organization in place working in the background to protect our community, and I hope that this month’s campaign will further raise awareness across campus.