With Laurentian University still restoring IT systems nearly two weeks after being hit by what it’s calling a “cyber incident,” a cyber security expert said bringing systems back online after such attacks can be a lengthy process.
Other Ontario organizations that have recently been impacted by cyber incidents of one sort or another include the City of Hamilton (whose IT systems went down just this week), the Toronto Public Library, several Ontario hospitals and the LCBO.
Ritesh Kotak is a lawyer whose area of practice includes cyber security, and who also used to work in big tech and in law enforcement in the area of cyber crime.
He said common cyber attacks would include introducing malware to a system or gaining unauthorized access to a network.
Without knowing the specifics of Laurentian’s cyber incident, Kotak said the length of the system outage could vary.
“We've seen organizations come online relatively quickly, so within a few days be back up to 100-per-cent operational,” he said.
In the case of the Toronto Public Library, even months later “I don't even think they are still fully operational,” he said.
He said the first thing that organizations do when being hit by a cyber attack is to “stop the bleeding, stop the exfiltration of the data leaving the systems or being accessed by unauthorized individuals. And the best way to do that a lot of people think is just turn off the systems. So you usually see some sort of outage.”
He said organizations then need to look at their systems before they’re turned back online because “vulnerability may still exist,” which includes looking at physical servers and devices that may need to be reformatted or replaced.
“You won't really know the true extent of the damage until a complete forensic audit is completed,” Kotak said.
Cybersecurity ‘requires time and money’
Kotak said with cyber incidents such as those experienced this winter by Laurentian University, organizations are now starting to realize that cyber security is “important and requires continuous investment.”
“It is not a checkbox exercise, but it requires time and money, and, you know, adequate investments just haven't been made.”
With more of our lives migrating online, there’s more entryways for hackers to exploit, he said.
“One thing that we've learned is that when it comes to cyber security, it's like whack-a-mole, you figure out two ways of solving a problem, and three new ways to create a problem pop up,” he said.
“You have to continuously be on it, and you have to make the appropriate investments.”
Laurentian cyber ‘incident’ began Feb. 18
Laurentian University said it is currently recovering from a cyber incident that first came to its attention Feb. 18.
“Upon our discovery, we immediately took steps to secure our network and mobilize our expert partners to assist,” said information on the university’s website.
“We have contained the issue, are in the process of restoring services, and investigating, and understanding the incident’s impact.”
Students were on their reading week break when the cyber incident was first reported, but classes have since resumed at Laurentian, with many IT systems still down.
Laurentian said the incident has been reported to law enforcement.
“We appreciate that this incident raises privacy concerns; this is top of mind and we will provide updates as they become available,” the university said on its website.
Since the incident was first reported, Sudbury.com has twice requested an interview with senior leaders at the university on the subject. Both times, including our most recent request on Feb. 26, the university declined.
“All of our leaders are focused on the problem at hand and, as such, are not available to provide an interview,” said an email from Laurentian’s communications department.
The email pointed us to the university’s website, which is mostly still down, with the exception of information about the cyber incident. “We continue to update it as often as possible,” said the email from Laurentian communications.
A virtual town hall meeting about the cyber incident was held via Zoom Feb. 27, with another scheduled to take place March 1. Sudbury.com plans to attend the March 1 meeting to get more information.
Besides Laurentian’s website, other systems that are impacted by the outage are the university’s on-campus wifi and its D2L system, the teaching software used by professors to communicate with students.
“Re-establishing access to D2L is a top priority as we know many students and faculty members (both online and in person) require D2L to teach classes, progress through their courses and submit assignments,” said Laurentian’s website.
University employees have also been asked to report to an IT kiosk to have a cyber security software called SentinelOne installed on their laptops.
Faculty teaching under challenging circumstances
Fabrice Colin, the president of Laurentian’s faculty union, said his members are currently trying to teach under challenging circumstances, not having access to the D2L teaching software or wifi.
“It's an inconvenience for many faculty members who are using that system,” said Colin, who’s the president of the Laurentian University Faculty Association (or LUFA).
He said his members are also concerned about any potential privacy breaches that may have occurred during the cyber incident.
Another concern is the SentinelOne software being installed on laptops, as Colin said it tracks online activity of users, which raises privacy concerns.
In terms of when Colin thinks things might be back to normal at Laurentian, he said “that’s the million-dollar question,” and he hopes it’s soon, although the fact that the outages have gone on this long leads him to believe “it was quite a serious problem.”
Heidi Ulrichsen is Sudbury.com’s assistant editor. She also covers education and the arts scene.
