October is Cyber Security Awareness Month, and NC State is fighting to keep its students, faculty and staff secure. “Protect the Pack: Secure State,” the month-long CSAM event, ends this week.
The event has sought to make university members aware of potential security threats, and is co-sponsored by the Office of Information Technology, the Department of Computer Science, the ePartners program and the NC State Engineering Foundation.
The FBI Cybersquad held a presentation in the Talley Student Union Coastal Ballroom Thursday to present its own cyber resources and discuss cyber threats facing students.
At the presentation, students had the opportunity to win prizes, as well as apply for internships.
Because of the large number of students and the secure information that is stored, NC State is a frequent target of cyber attacks.
“There are probably 30 or 40 [account compromises] that happen a month,” said Marc Hoit, NC State’s chief information officer and vice chancellor for OIT.
As a whole, CSAM seeks to ensure that people know how to defend themselves against the most common types of cyber attacks.
“Awareness is really just the most important piece of our cyber security program,” said Leo Howell, the assistant director for information security risk and assurance.
Awareness is key in defending against phishing, which is how most cyber attacks occur today. Phishing is when someone pretends to be someone else in order to trick a user into giving up secure information, usually a username and password.
“When you read about hacks, everyone assumes it’s a technology problem,” Hoit said. “A majority of the problems that we have now have actually moved into what they call social engineering.”
Often times, attackers will pretend to be authorities or trusted figures such as police officers or tech support.
“The things that people are doing, it’s actually pretty scary,” Hoit said. “They watch the death notices; they pretend to be insurance firms or the mortuary. They look at tax notices and pretend to be tax agents. Maybe there’s something medical in a car crash, and they call you call you pretending to be the insurance company.”
This year’s event stresses the importance of activating “2-Step Verification” on university email accounts. The system requires users to enter a special code sent to their cell phones once a month in order to access their emails.
If a user enables this feature, then hackers will not be able to access his or her account, even if they have obtained the username and password.
“Ninety-five percent of breaches will be ineffective if we just have that one thing,” Howell said.
Hoit is also confident in the abilities of the system.
“We have compromised accounts on a regular basis, so that’s just a part of our life,” Hoit said. “But the two-factor [verification] will reduce that significantly, so we’re hoping to move everybody to that.”
Looking forward, CSAM hopes to prepare students for their own futures.
“[Students] are the future folks that are expected to be out there to know this stuff and help others,” Hoit said.
