01 July, 2020
As I am sure you are aware, ransomware has been used to extort large sums of money from organizations around the world. There has been a sharp increase in such attacks on organizations conducting COVID-19 research and universities in particular.
In a recent unfortunate incident this month, the University of California at San Francisco had to pay $1.14 million dollars to hackers in order restore confidential data that was held ransom by hackers. Ransomware cyberattacks are a big business, so big in fact, that research anticipates a business is attacked by a cybercriminal every 11 seconds and damage costs from these attacks will hit around $20 billion by 2021.
In addition, the education sector happens to be the third most targeted sector for ransomware attacks after the manufacturing and government sectors.
To date, there have been no reported cases of ransomware at KAUST. We are, however, a global University with students, researchers and professionals supporting our mission all around the world.
As such, the senior leadership team are taking the threat of ransomware seriously. To combat the threat, continuous backup and extreme vigilance have become common worldwide and should also be in place at KAUST.
While our Information Security team led by Ed Sleiman is working to mitigate cybersecurity risks and defend our University from cyberattacks, I can’t emphasize enough that security is everyone’s responsibility and everyone should play a role in strengthening our cyber resilience.
To support the KAUST Information Security Team, I urge all of our community members, especially those entrusted with keeping research data, to be extremely vigilant. Hackers will try to trigger some of our emotional motivators such as fear and curiosity to social engineer their way into KAUST to steal confidential data and research.
Social engineering is the art of manipulating people into providing confidential information that they wouldn't otherwise provide. It also can take many forms like phishing (email), vishing (phone calls) or smishing (through text messaging). So, think before you click.
While we work at being better human firewalls, the Information Security Team continually assesses our cybersecurity risks and mitigates them by applying security controls. These measures are put in place to reduce our chances of a devastating cyberattack similar to the one UC San Francisco suffered this month.
I have asked the Information Security Team to provide a cautious and considered approach to protecting our community and to prioritize the need for appropriate measures to protect the University while also minimizing the impact on conducting our business and I have full confidence in their approach.
While our Information Security team led by Ed Sleiman are working to mitigate cybersecurity risks and defending our university from cyberattacks, I can’t emphasize enough that security is everyone’s responsibility and everyone should play a role in strengthening our cyber resilience. Cybersecurity education and awareness is a constant challenge and we all have to contribute by being better human firewalls.
For questions or for more information, please contact askinfosec@kaust.edu.sa.
To protect your personal computers, please download a free version of the University’s anti-virus software.
Thank you for participating in keeping our community safe from cyberattacks.
Yours sincerely,
Jason E. Roos Chief Information Officer
