Universities more vulnerable to cyber attacks, says cybersecurity expert following Winnipeg breach

Not a matter of if, but when: a cybersecurity expert explains why universities are more vulnerable to cybersecurity breaches. Joanne Roberts has the story.

By Joanne Roberts

On the heels of the University of Winnipeg’s recent security breach, where personal information of thousands of faculty, students and staff was stolen in a cyber attack, a cyber security expert says there’s a saying in her industry when it comes to security breaches: it’s not a matter of if – but when.

“These are really traumatic events and they are so disruptive to the organization as a whole and to the people within the organizations,” said Kathy Knight.


Related: Information was stolen during recent cyber attack: University of Winnipeg confirms


Knight, now an independent consultant and formerly the executive director for the Cyber Security Centre of Excellence at the Manitoba Institute of Trades and Technology, says universities in particular are more vulnerable in comparison to other organizations.

“The thing about universities is they’re very big, complex institutions … and they collect a lot of information and data that is very attractive to cyber criminals. So that puts them really, at the top of the list, in terms of attack targets,” she said.

“Cyber criminals, the ways that they have to inflitrate their systems and their attack methods are constantly evolving.”

Knight said because the risks are always changing, organizations need to be proactive in minimizing them. She said ongoing and vigorous security training for all levels of an organization is the best practice.

“You can have the technical barriers in place. You can have the best firewalls. You can have some of the best policies. But what is the most, probably challenging part, of that whole risk management scenario is how your people respond,” said Knight.

“There’s many factors that you can control but there’s just as many factors that you can’t control … all it takes is one person to click on the wrong link.”

Cybersecurity expert, Kathy Knight, says breaches are not a matter of if, but when. (Nick Johnston, CityNews)

With many schools turning to online learning over the last four years, the risk is higher than ever.

“We’re kind of, a lot, online with all of our courses and everything that way,” said first-year University of Winnipeg student, Keelyn L’Heureux. “Which is good for (an) education standpoint but maybe we’ll be less focused on the online aspects of the school after this.”

L’Heureux, whose information was stolen in the cyber attack, says she wants focus on locking down her information, but with the attack coming during exam time, she’s had to make difficult choices regarding her cyber security risks.

“I’ve been more focused on trying to get all of my information in line for exams and on studying, because that’s a bit more of a priority right now than the potential that my information’s being used,” said L’Heureux.

“Nowadays, it’s more likely that stuff like that is going to happen.”

University of Winnipeg student, Keelyn L’Heureux, says she’s primarily focused on making it through exams at this time. (Nick Johnston, CityNews)

After news of the attack, the University of Winnipeg offered a two-year credit monitoring service, which L’Heureux says she’ll be using.

“I’m just hoping with the two year credit watch that everything should right itself, as it should,” said L’Heureux.

Knight says it’s all about laying out the risks after a breach. She recommends everyone whose information was stolen to call their banks, change passwords on applications and enable multi-factor authentication.

“(Practice) your own personal cybersecurity hygiene on all of your devices. You’ve gotta think about it as you’ve gotta take care of your personal information as much as possible,” said Knight.

Top Stories

Top Stories

Most Watched Today