Sonoma State not threatened by recent cyber attacks

In early August, ghastly numbers revealing just how vulnerable the world’s online community really is gave the world a cyber-slap in the face: 1.2 billion username and password combinations and 500 million email addresses were stolen. Mass amounts of sensitive and unsecured information were taken from billions of people through 420,000 corrupt websites.

Seeing that this cyber attack was the largest cyber attack in history, anybody with an online account is vulnerable – that includes Sonoma State Seawolves. Seawolf Accounts have sensitive information including financial and class information, so online security for the Sonoma State community must be up-to-date and effective to deter hackers.

“Most of the sites that were compromised were compromised through SQL injection attacks, a particular type of vulnerability that is common in websites. I’m not aware of any vulnerabilities on Sonoma State’s website at this point, but the biggest danger that this poses to Sonoma State is from people reusing passwords,” said Andru Luvisi, information security officer at Sonoma State University.

Password vulnerability is the reason that Sonoma State students and faculty have to change their Seawolf Account passwords so frequently.

“I would never call anyone safe. Websites are being broken into all the time. Security is hard. In order to keep an attacker out, you have to make sure that there are no flaws in your software that your attacker could exploit,” said Luvisi. “In order for the attacker to succeed, they only need to find one flaw. It [cyber security] requires knowing the attacks, and knowing how to defend against them, and this is something that not all programmers are fully educated in.”

When asked what kind of attacks Sonoma State has been victim to in the past, Luvisi said, “Because we are on the Internet, people are attempting to attack us all day every day. As far as successful attacks go, we have had some systems compromised; fortunately, they have generally not been systems containing data intended to harm people.”

Luvisi conveyed the message that the community of Sonoma State University does not have anything particular to worry about – just remember to use a unique, never-before-used and well-hidden password for your Seawolf Account.

Nate Johnson, Sonoma State chief of police and executive director for risk management, internal control and information security, emailed a media release to the Sonoma State community regarding the Russian Cyber Attacks stating that, “While this incident has not affected Sonoma State University, it does serve as a good opportunity to remind people about tips to better protect confidential data.”

The press release that Police Chief Johnson sent out included many useful tips for protecting your Seawolf Account and other online accounts. Those suggestions include keeping all saved passwords safe by taking measures such as password encryption; using passwords that consist of a minimum of eight characters; not letting others know your password; selecting the “sign out” option when finished with a program instead of just exiting out of the browser; and making sure that your computer has an automatic sleep feature.

Sonoma State has an information security office along with an informational website. Its program goals are to (1) identify and manage information security risks and liabilities; (2) ensure compliance with all applicable laws, regulations, contracts, and California and CSU policies; and (3) communicate responsibilities and minimum requirements. For more information on the Information Security Office, including information about the mandatory Sonoma State University online Security Awareness training, visit security.sonoma.edu.

Although Sonoma State is not affected by this most recent large-scale Russian cyber attack, that does not mean that Sonoma State University and its campus members are not at risk. In today’s digital world, nobody is safe – but that is why we take precautionary measures to promote online security. So remember, change your password often, make it complex, and keep it close.