After a breach of more than 300,000 personal records — including students’ social security numbers — at the University of Maryland, College Park, UT information security officials said while the University has a strong security program, any system can be hacked.
Cam Beasley, chief information security officer at Information Technology Services, said UT’s cyber-security system can keep students’ information secure.
“We maintain a comprehensive information security program and a number of layers of security controls in place [such as] annual campus-wide IT risk assessment, security monitoring, security awareness training,” Beasley said. “There is also a great rigor assigned to any third party that the University might decide to pursue.”
The University has not been without security breaches in recent years. In 2006, confidential information of more than 197,000 past, current and prospective students were compromised through a computer in the McCombs School of Business. The records included names, dates of birth and Social Security numbers.
Beasley said University security systems are just as susceptible to hacker attacks as other institutions.
“If an attacker is extremely dedicated and focused on breaching a system, they will not stop until they have exhausted all logical, physical and social attack vectors,” Beasley said. “These targeted attacks can be extremely challenging for any organization to defend against.”
Shane Williams, senior information technology manager, said these cyber-attacks are often inevitable, even with the security universities provide.
“The current trend following these kinds of incidents is to bemoan that institutions aren’t doing enough to protect our personal information,” William said. “In some cases, this is a totally valid criticism. Other times, though, an institution has made every reasonable effort to protect their systems and their data, and a determined attacker still manages to gain access.”
Williams said it’s important to distinguish between the university systems that are trying their best to protect students’ records and those that are not doing enough.
“As an increasingly electronic society, it’s critical that we make distinctions between these two ends of the spectrum in information security in order to put pressure on those institutions that really aren’t bothering to protect us, while providing appropriate assistance to those that did everything right and still fell victim in spite of their efforts,” Williams said.
Computer science sophomore Nikita Zamwar said she believes most students are diligent about keeping their personal information secure.
“Even though a lot of students are really strict and careful about protecting their personal information, it kind of defeats the point when the university doesn’t do their job,” Zamwar said. “If there was a breach here I’d probably freak out, and I’d probably get really mad at UT.”