Brock’s Information Technology Services hosted a cyber security presentation in collaboration with Microsoft Canada Inc. in Plaza on Monday October 31. The presentation, titled “security in a mobile-first, cloud-first world” was hosted by Greg Milligan, former national technology strategist and currently the office 365 lead for education Microsoft’s team. There was an amiable atmosphere with an attentive audience keen on taking notes from the presentation. Students from the Goodman School of Business, Brock faculty, administrators and ITS staff were all in attendance.
Milligan began the presentation by showcasing the sobering statistics surround trends in the IT industry in relation to hacks and breaches. “We’re starting to see [hacks] not only in the financial sector with massive corporations but in the university and health care networks as well. There are a number of great reasons for hackers gaining access into these sectors,” said Milligan. Breaches take, on average, 229 days to simply detect so Microsoft urges users to assume people either have already or will breach your system. Hacks most commonly originate from browser plug ins like Adobe Flash or from clicking on a fraudulent attachment or document resulting in allowing access into your PC. “Organized criminals can go on the dark web and buy hacking tool kits. You’re not writing code anymore when you hack, you’re trying to do command and control and spread that control once you get into a network,” warned Milligan. Hackers have several options once they gain access to administrator domains including shutting down servers, causing damage to networks, data theft or encrypting documents and holding them ransom for large sums of money.
“In the past, hackers would cast out an exploitative code and hope users would give them access based off a general attack. Now we’re seeing more spearfishing which is a focus on one business or user based on reconnaissance from social media like LinkedIn or Facebook. Using fraud, hackers can even pretend to be CFO’s to get administrators to wire them money,” said Milligan. Another popular form of breaching a system is Strontium created domains that are website links that look legitimate but are not. Phishing, using information given over the phone under false pretenses for a later attack, is another way hackers can actually gain access and block users out of their personal accounts. You don’t even need to be called as hackers can call a service provider and get your information. They typically employ methods like pretending to be a spouse while playing a crying baby audio clip to gain empathy from call center employees. This is a powerful tactic as phone personnel simply want to help and are willing to change passwords based off of information that can be easily gained by browsing social media.
The presentation was hosted as the final day of cyber safety awareness month. For more information about cyber safety please visit brocku.ca/its/security where all information is discussed.