State’s chief information officer talks cyber threats

Kirk suggested limiting digital footprints to avoid information theft

DARA EMAN | The Daily Evergreen

Agnes Kirk said universities are vulnerable to attack.

SANG JUNG, Evergreen reporter

College students, thanks to the large amount of time they spend online, are one of the groups most vulnerable to digital attacks, the state’s chief information officer said during a summit Wednesday.

Hosted by WSU Information Technology Services, the event was the second annual summit to increase public awareness of cyber security.

Agnes Kirk, Washington state’s chief information security officer, was the keynote speaker at the event. She said students should be knowledgeable on different cyber-attack methods, who the adversary is, and ask themselves if they have the resources necessary to protect, detect and respond to such attacks.

“Personal health information is the number one target for identity theft,” Kirk said, “because information pertaining to insurance is vulnerable to the attackers.”

Kirk also said college students are also great targets, because it’s easy to get information from their presence online.

Kirk noted the power and the sophistication of cyber threats, noting the evolution of ransomware, which is a type of malware designed to prevent users from accessing their computer system until a ransom is paid.

WannaCry and Petya, Kirk said, were some of the most recent ransomwares that resulted in the infection in many computers.

Kirk said some cyber-attacks can be prevented by doing what she calls ‘the cyber hygiene.’ She suggested that users minimize their digital footprint to prevent the increasing chance of cyber threat. She also emphasized the importance of enabling two-step verification, such as Google authenticator, and using one credit card for all online purchases.

“People should get a free credit report from the [Federal Trade Commission] only – we need to make sure no one has used our info to create debt in our names,” Kirk said.

Other session speakers included Chris Schreiber, a Consulting Systems Engineer with FireEye.
Schreiber said phishing is still the primary method of entry into personal information, which the email is the most common format.

Schreiber also noted the high vulnerability of stolen credentials for higher education officials, for it is highly valued to the attackers for its accessibility otherwise unavailable information.

Schreiber suggested that cyber awareness and training needs to be required at all levels of organizations, and to implement comprehensive malware prevention. He also suggested using multi-factor authentication.

“Cyber security is not a project that has a finish line,” Schreiber said. “We should incorporate security into daily practice, to always be thinking of how we could do better than yesterday.”