This is the first of a series of updates from the CIDO to share key information and context to build awareness and understanding of risks and opportunities in the Security and Information Management arena. It underlines why everyone's involvement is such an important part of the University’s drive for secure data management.
Many people will have seen a recent news item about a cyber-security attack on University of California San Francisco.
"It is an important story for us all to digest: https://www.bbc.co.uk/news/technology-53214783
Unpleasant and unsettling, this news story tells us that no-one is immune. The HE sector is as vulnerable to organised and random cyber-crime as any other. Perhaps more so, as traditionally, Universities have held their culture as one of openness in sharing learning and knowledge for the public good.
But today things are different. Our values may make us wary of the rules and controls needed to protect ourselves and our institution from attack, but current news reminds us of current risks. Echoing the UCSF situation, the UK Government’s National Cyber Security Centre has noted a particular rise in cyber-crime exploiting the coronavirus pandemic.
Our personal and professional information assets are fundamental to all our work, our value and our reputation as an institution. We have committed to a University-wide data security and information management programme as a positive investment to safeguard these assets. We have a strong programme of governance and process works to enable us to implement change, innovate and collaborate more securely, but we need the support and understanding of everyone at Warwick to make this work."
“Attackers put far more effort than might be expected into penetrating systems. These targeted attacks are harder to spot within the ever-present background noise of opportunistic and untargeted malicious activity. The majority of the low-level, mass attacks together with the harm caused by well-intentioned but misguided people within the organisation, who misconfigure software or do other things, not out of mischief but by mistake, can be countered by good cyber hygiene. That is what we mostly promote.
For the higher-end attackers, we need to follow expert guidance and make things hard for them in the hope that they will go somewhere else or that we will spot them and evict them. We are a high-value target because of the amount of valuable information we have and because universities are seen as easy targets, which they often are.”
A message from Professor Stuart Croft, Vice-Chancellor and President:
“Members of the University Executive Board collectively underline the importance of the Information Security Change Programme. We need to take greater care of our data - this is truer now than ever. The University-wide change programme will help us to work more securely for the benefit of teaching and learning, our intellectual property, research and management.
This Programme and the work that flows from it needs understanding, commitment and action from everyone at Warwick. There will be guidance and help available, with training and support and expert assistance, but we must all adopt the new standards of security without exception, working together to secure our future.”
Data Protection Officerdpo@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW