by Deirdre kelly
photography by chris Robinson
Thanks to the quick thinking of University Information Technology (UIT) staff, York was able to fend off a serious cyber attack last spring. A strike corrupted a number of York’s servers and workstations, disrupting productivity for 24 hours. Luckily, no sensitive data was stolen.
Since then, the University has introduced new measures to prevent such a breach from happening in the future, including two-step authentication to improve the protection of York accounts and data, as well as the modernization of key systems that take an inside-out approach to block unauthorized manipulations of internal systems.
“The rapid move to working from home has provided much more opportunity for cybercriminals, and some industry sources have indicated a fivefold increase in the amount of ransomware activity globally over 2020,” says York’s chief information security officer, Chris Russel. “Zoom and other remote collaboration tools have a learning curve to use securely, and cybercriminals take advantage of that when there are a huge number of new and inexperienced users. Awareness and training for secure use of those tools is part of the solution.”
Alerts about cyber security are now regularly posted to the York web page in addition to tips about how to avoid falling victim to outside phishing expeditions, fraudulent websites and other scams. Additional materials will become available in October, during what the University has designated cyber security month. Concurrently, York has deployed end-point detection and response (EDR) to most University PCs and laptops. The supercharged antivirus software enhances the University’s ability to protect, detect and respond to cyber events in devices being used remotely, outside the York network – a necessity in today’s work-from-home reality.
Still, vulnerabilities persist, both locally and globally. In May of this year, hackers attacked U.S.-based Colonial Pipeline using ransomware – malicious software that blocks access to a computer system – triggering the shutdown of one of the biggest oil suppliers on the continent. Canada wasn’t immune. The same month, hackers infiltrated Canada Post and, later, JBS USA, the world’s largest meat supplier, crippling operations at the company’s plants in Alberta, Ontario and elsewhere. The perpetrators are sophisticated criminal gangs like DarkSide, who, in the case of Colonial Pipeline, were paid a ransom of 75 Bitcoin – the equivalent of US$5 million, most of which was later recovered – to return stolen data.
The situation is complex and in immediate need of trained professionals to combat the proliferating posse of cyberworld bad guys. Enter York University’s cyber security certificate program, offered through the School of Continuing Studies in a new accelerated 12-week course format.
A speeded-up version of the five-month cyber security program originally launched at York in 2016, this intensive initiative quickly delivers the skills needed for this in-demand field. In Canada, the profession is growing annually by seven per cent, with an anticipated 3.5 million job positions opening up globally in 2021 alone, according to the Canadian Centre for Cyber Security.
Given that cyber breaches have become a daily occurrence, fast-tracking the next generation of cyber security professionals is a high priority for businesses operating today, says advanced cyber program instructor Ed Dubrovsky (MBA ’10), who contributed to the development of the curriculum surrounding network security engineering and vulnerability management within York’s cyber security program. In his role as a chief security information officer, Dubrovsky has handled over 3,500 cyber attacks – experience he brings to his new role with access management developer Qnext, where he acts as executive cyber advisor on issues surrounding global security and data protection on the international stage.
“Cybercrime has reached an unprecedented and explosive momentum, driven by skyrocketing ransom demands and fuelled by a lack of skilled defenders to protect organizations and governments,” elaborates Dubrovsky, who also sits on the University’s Cyber Security Advisory Board. “The training of ethical, skilled defenders has become one of the highest needs for modern digital societies.” ■