Everything from personnel and institutional records to the way many employees work could be threatened. Depending on the breach, the impacts are hard for many employees to imagine. And most importantly, how real such a threat is in the modern world cannot be overstated.
Northeast Community College faculty and staff recently got a taste of it during in-service.
President Leah Barrett was only a few minutes into her PowerPoint presentation to the faculty and staff when she lost control of her computer screen. The screen went black, and a message asked if she wanted to pay a ransom -- click yes or no.
Barrett told the roughly 500 faculty and staff members at the Lifelong Learning Center that she hoped the message was a joke. Soon, the message was off her screen without her clicking anything, and there was a buzz among the audience that it might be real.
“Hopefully my PowerPoint presentation comes back up,” she said.
Then her computer went back up before crashing, and the crowd let out a collective groan. Barrett began to ad lib, deviating from her presentation. Some of the people who work in the information technology division left to try to figure out what was happening.
A person in the crowd yelled out for Barrett to turn off and on her computer, and many in the audience laughed. It temporarily lifted the mood.
Eventually, Barrett told the crowd that the incident was a setup to bring attention to the importance of cybersecurity and the guest speaker, Shane Perrien, chief information officer at Midland University in Fremont. Midland experienced a similar hack a few years ago.
Perrien relived the horrifying experience as he answered questions from David Cone, Northeast chief information officer, and Renee Peters, Northeast executive director of security and technology. Perrien said the fake prompt delivered on the Northeast computer was close to what Midland experienced.
Fewer than five people knew Barrett’s initial presentation was fake to reach the desired outcome – getting people to pay attention to the importance of cybersecurity.
Midland was breached in June 2019 and the hacker was dormant for roughly 18 months. The attack began on Jan. 18, 2021, and was detected the next day. All files on servers and workstations were impacted.
Before unleashing the attack, the hackers dug around and searched through some 65,000 files at Midland.
The IP address of the “bad actor” was in Denmark but they were located in Germany. Attempts were made to contain the virus, but it was too late. And the college’s backup system had failed. Security officials with other colleges assisted.
Fortunately, Midland did have cyber insurance, and was able to figure out when the system was breached and how they did it. With the insurance company, a negotiated ransom that was less than initially requested was paid. When Midland went to renew its cyber insurance, the premium quadrupled.
One of the points made was that each employee accessing a computer on the internet can let in a bad actor, who then could shut down the college. Even clicking on a suspicious email can cause significant damage.
After Perrien’s talk, Northeast employees engaged in a discussion about building its cybersecurity safety. Both Cone and Peters said they appreciate Midland’s willingness to be open and share information to help others, including other colleges and universities besides Northeast.
Cybersecurity talk
David Cone (closest to camera), Northeast chief information officer, discusses the importance of cybersecurity during in-service. Also shown are Renee Peters, Northeast executive director of security and technology, and Shane Perrien (center), chief information officer at Midland University. (Northeast Community College)
###