Oct. 24, 2024
Learn to adapt and excel in the ever-changing digital world
As we have become a more interconnected and international society, and as more major company hacks and data breaches make headlines, the conversation around cybersecurity has changed, says an instructor at the 91做厙輦⑹s .
Ten years ago, you didnt know anybody whod ever been hacked, it wasnt something we talked about, and now its , its , its a , a or even public , says Dr. Leanne Wu, BSc03, MSc10, PhD20, associate professor (teaching).
Theres just a lot more familiarity with these things. We used to assume, Someones server is down, its probably a technical error, and now were like, Oh, somebodys been hacked.
Wu says the stereotypical image of hackers has changed from that of a figure alone in a dark basement with a ball cap and a hoodie (always navy blue; never black or maroon, for some reason!), to the reality of an office worker delivering on a team project, just like everyone else.
This shift has allowed cybercriminals to scale their attacks for the complexity of the computer systems and infrastructure they are exploiting.
Threat actors use urgent language to trick people into not using critical thinking when engaging with their content. Breaches happen when individuals are busy or stressed and are not paying close enough attention, making it far more likely for them to miss a warning flag or to mistake a person misrepresenting themselves as a legitimate contact.
Its not if anymore, its when, says Wu. We know these kinds of attacks are targeting organizations with fewer resources and a weaker technology infrastructure. All they need is one person to click on the wrong thing at the wrong time and not take appropriate measures after.
Its important to keep cybersecurity top of mind, and, if there is a breach, to report it as quickly as possible. is a good way to rebalance what youre doing with what you know, and make sure its aligned with what UCalgary is committed to doing.
Its not about it being punitive, its about protecting people and data that might be involved, says Wu. The faster people report breaches, the faster we can put out the fire or limit the damage.
We cant fix what we dont know about.
Generative AI and cybersecurity
Generative AI has changed the cybersecurity landscape, helping cybercriminals find and create loopholes and vulnerabilities by generating matching code, creating more convincing and sophisticated phishing emails, and even using deep fakes (which go beyond altering celebrity photos) to trick friends and loved ones into believing the messages they receive are real.
Generative AI also creates a security concern for users of large language models (LLMs) like ChatGPT, where individuals may accidentally or unknowingly input proprietary or sensitive information into the tool, or where organizations havent checked their security settings and dont realize that their stored cloud data is being used to train LLMs.
On the cloud is just a different way to say, stored on other peoples computers, says Wu. Its a good idea for people, especially researchers, to consider whether or not their data should be encrypted if its connected to the internet, and if it needs to be stored online in general.
UCalgary is dedicated to protecting its researchers and the work they do. All researchers, and faculty and staff who support research, should take the and visit the to review the five ways threat actors use to gain access to research data.
Do you need this data, or is it just convenient? The privacy question
Even with all the changes to the digital environment, most people can agree on what cybersecurity means keeping your data away from people who shouldnt have access to it but privacy can be more nuanced due to personal and cultural values and lived experiences, which can make some more cautious about privacy than others.
Privacy is about how we choose to limit the access of use of data for those with permission. 91做厙輦⑹ Privacy Policy is a good starting point, but may not determine whether someone feels harmed by a privacy-related issue. Some individuals may have more specific privacy wants or needs that may make them more vulnerable or sensitive to potential harms.
A good example of this can be found in the new that prompts users to think about how student data (such as grades) are protected from external third parties (even family members). While some parents may be accustomed to believing they have the right to information about their child, (FOIP) states that there is an expectation of privacy for all adults including university students. And, as a public-sector institution, UCalgary must gain appropriate consent before sharing a students personal information, such as grades, with parents to properly adhere to that law.
As a staff member, its one thing to use someones UCID number on an internal system for business purposes, such as HR or expense management, and entirely another to encourage others to share their UCIDs freely via email in a way that could potentially lead to more serious privacy breaches.
Wu says that theres a good rule of thumb to follow when it comes to data privacy: Its better not to collect it if you can, not save it if you dont have to, and to get rid of it as soon as youre done using it.
For more information about 91做厙輦⑹ data-retention and access to information and privacy policies, please visit the FOIP office and the (MaRRS). Annual required cybersecurity and privacy awareness training is available for all faculty and staff, as well as annual required research security training for faculty and staff who perform and/or support research. Please complete the training within 45 days of receiving the automatic course registration emails. Graduate assistants will be required to complete this training starting in January 2025. .
Human error is the No. 1 reason for cybersecurity and privacy breaches, says Mark Sly, director of IT Security. The consequences of which are too significant to ignore. Threat actors have realized that information is both the target and the weapon. Taking the available training ensures our faculty and staff are educated to make better decisions in cybersecurity, privacy and research-security situations.
Wu is facilitating a Privacy for Educators: What you need to know about your students privacy workshop with the Taylor Institute for Teaching and Learning on March 25 at 2 p.m. .