It is pretty apparent that the cybercriminals now at play are not there for the glory of being able to breach. They are effectively running a money-making operation. The unintended consequence of COVID-19 is that most drug cartels have seen a decline in their revenue as the movement of drugs has been severely limited with border closures. As a result, they have pivoted and adapted their business to continue thriving within the present constraints. Drug cartels have entered the world of cybercriminals, and it is essential to note that they are not afraid to cause harm to life or completely shut down an organisation.
Because of this, we need to embrace modern secure ways of working. While it might seem inconvenient, taking an additional minute to use multi-factor authentication is more productive than having no access to systems for research, teaching & learning for over a month. The cost of operating in an unsecured manner is rising, and UC is committed and invested in uplifting our security posture.
UC staff and students need to be vigilant. We need to ensure that we are doing the security basics at work and at home. Head over to the UC cybersecurity page to learn about what you can do to keep yourself and UC safe https://www.canterbury.ac.nz/its/cyber-security/
We are working hard behind the scenes to improve our security posture. Below are some of the exciting initiatives:
- Improved our email security, enabling detection of forged email address and making it harder to spoof email from UC
- Improved our patching cadence to ensure that UC is protected from threats.
- Improving the security of the student and staff digital identity by implementing multi-factor authentication (MFA) to all staff and extending this to students in tIn the coming months.
- Deploying endpoint detection and response (EDR) protection to all UC managed endpoints. This gives protection to endpoints to prevent, detect, investigate, and respond to advanced threats.
- Developing a security strategy that is a pragmatic, actionable, living plan fundamental to guiding the University to achieve its security objectives and business objectives. It informs the governance, principles, architecture, assessment, and ongoing operational delivery of the Universities cybersecurity services
- Rewriting our Policies & Standards to make them easier to understand. Policies to articulate high-level statements of UC’s management intent, expectation and direction for security governance. Standards provide guardrails that ensure that policy requirements are met.
- Cybersecurity awareness training campaigns for staff and students to embed fundamental principles to improve University culture.
- We are launching a Security Collective comprising security champions within functional areas to promote, advocate and facilitate safe practices.