The LAE Faculty Forum series continued on Dec. 7 with a presentation from Dale Murray called “The Breach that Closes a College.” The forum showcased how harmful the weaponization of data can be, especially on college campuses. The discussion thereafter was led by Tony Hayes, UW-Platteville’s Chief Information Officer.
Murray discussed what cyber breaches entailed, what they looked like within campuses like UW-Platteville’s as well as how to try to prevent these cyber breaches from happening. Murray also gave some examples of colleges that have been affected by the weaponization of data.
Murray began the presentation by expressing his gratitude to the Universities of Wisconsin, faculty and staff at UW-Platteville and Baraboo-Sauk campuses, the Improvement of Learning Committee, the Humanities Department and many others who have helped Murray develop his book on the topic.
In the presentation, Murray explained in detail how the weaponization of data in America has increased since the outbreak of COVID-19 as more people are online-oriented now. He went on to explain that “A ransomware attack is a special sub-group of cyber-attacks where an organizations’ network is infiltrated, their data is taken and then basically held for ransom.”
With this data, the ransomware is used to take control of the computer file or data and do as the holder sees fit. This stolen data, according to Murray, can be rendered useless as the data taken can be corrupted while it is in the hands of the people behind the ransomware.
“For universities, there is risk of loss of reputation, loss of student enrollment, lawsuits that will be filed,” Murray continued. “And even if the lawsuits are repelled, you still have legal expenses that remain.”
Following this, he brought to light the tragic happenstance of the cyber-attacks on Lincoln College in rural central Illinois that eventually lead to the college closing after 157 years of continuous operation through wars, pandemics and the Great Depression.
“In December 2021, Lincoln suffered a ransomware attack that blocked access to all institutional data, and this created an unclear picture of fall 2022 enrollment projections,” Murray said. This college, similar to UW-Platteville, was a smaller college or university with a big reputation. These types of schools are ideal targets for ransomware attacks as they often are easier to infiltrate and still yield a high financial reward.
Another case was on Jan. 18, 2021, at Midland University in Nebraska where there was a sophisticated malware attack to which the university acted quickly with their own investigation into the problem after a professor did not receive their paycheck. The Midland IT department worked fast to isolate one server so the malware would not spread.
Many organizations who are victims of these cyber breaches may find it advantageous to pay the ransom money to get their data back in hopes to get their organization up and running again so as to not cause delay in funding or student enrollments. With that, there are moral and costly disadvantages such as encouraging these attempts on colleges and universities as well as the loss of funding the rebuild of the organization during the shutdown caused by the breach.
Murray also explained, “If you pay the ransom, there is no guarantee that the tool that is supplied to you in exchange will actually decrypt the data.” The colleges or universities that involve the authorities often are not allowed to pay these ransoms as police are community orientated and do not negotiate on these matters.
Following Murray’s presentation, Hayes added his own insight on how UW-Platteville is being targeted every day and that these attacks are real and scary to think about even for himself. “Research data, class notes, grades, anything that is digital is at risk,” Hayes continued, “it is not just at risk of being lost, it is at risk of being sold.”
Hayes left the presentation section of the forum with preventative actions that students, professors and staff members on campus need to take to protect data, being that everyone needs to be careful with what data is being shared online.
“When it comes to security, each of us are the guardians, the protectors, of our data with our behaviors and the things we do,” Hayes said.