Cybersecurity during Christmas: the user is key

The organization of cyber and information security is interesting, but not just to the university. To criminals as well. “That’s exactly why I can’t share too much with Cursor,” says Bart Luijten, the newly appointed head of Information Management and Services (IMS). Still, there are a few questions Cursor doesn't want to leave aside. After the cyberattack aimed at Maastricht University last Christmas, Cursor wonders whether TU/e should also be worried in the period ahead.

photo Zephyr P / Shutterstock

The upcoming Christmas season will be a period of reduced (online) on-campus activity, closed buildings and less supervision. Therefore, it’s not strange that people start to wonder whether the university faces an increased risk of a digital break-in during the holidays. “From a threat perspective, Christmas actually isn’t that different from the rest of the year,” Luijten says. “It’s not as if cybercriminals drop by more often when people are away on holiday. It may even be the other way around: people receive fewer emails during the holiday season and consequently click on emails less often. That also reduces the risk of something going wrong, because much of the external threat comes in via phishing mails and people clicking on links. But we will certainly not be any less alert during Christmas.”

From prio to top prio

When we ask about the policy concerning cyber and information security, Luijten can’t divulge too much information. “The university has a policy in this area, naturally,” he assures us. “But that’s something we’d rather not communicate, due to clear security interests. In general, I believe that the discussion should be centered around the question of ‘what can we do to keep our community safe,’ instead of ‘what do we need to do when things go wrong.’”

“We certainly learned a lesson from Maastricht, but I would like to turn it around: it would be strange if we hadn’t learned anything. It was a very painful affair, but it also opened up a debate at every university in the Netherlands about the importance of cybersecurity. That’s a good thing. Maastricht led to questions: what’s our situation? We have independent audits for that, but we have our own tests and exercises as well. Cybersecurity went from being a prio to a top prio, and in the future I would like it to become a common part of information service and how we deal with that. Prio sounds like something we focus on for the moment. However, digitization is developing at such a rapid pace that it has become something we will need to get used to, it won’t go away. Cybercrime is in constant development also. It’s very lucrative and has few risks. A good industry for people with bad intentions.”

Strong framework

“We use a basic framework for information security at TU/e. That first creates a basic security level. You estimate the risks, mobilize knowledge and skills to deal with cybersecurity, protect your systems, and make sure that your networks are secure. This will prevent someone from simply going from one network to the next, for example. When something does go wrong, you detect. That’s why it’s important to monitor properly, so that you quickly notice any abnormal network traffic in time. Next comes the response: when we notice something, we will switch off things as quickly as possible, such as the servers for example. The last step is recovery: restoring back-ups."

"Recovery is linked to the business model of criminals: paying to get your data back. You do as much as you possibly can to ensure that it doesn’t get to that final step. And even if you do get there, you could even restore the data yourself with good back-ups. It’s also very important not to focus exclusively on back-ups: every step of the above-mentioned chain needs to be in order. Criminals are looking for a server with a weakness. That’s where the user is so very important again: don’t postpone that update. People often think ‘I’ll do it tomorrow because I’m too busy.’ Don’t. That update is there for a reason: to prevent weak points in the chain.”

Annoying thresholds

Luijten believes that it is important to be clear about the fact that security measures also bring about changes in user experience. Luijten: "We feel that login thresholds and extra vigilance are normal with internet banking, but we soon find it ‘annoying’ in a work setting. But it requires a different mindset, because when you’re at work, you’re not just responsible for your own data (such as with internet banking), but you’re also co-responsible for the (data)security of the entire organization. Your individual behavior has an impact on that."

At the beginning of 2021 Cursor will sit down with Luijten once more to zoom in further on his first observations and vision on information service at TU/e.
