Opinion | Cybersecurity needs to be a priority for Iowa

With the increasing prevalence of hacking incidents, schools like University of Iowa must improve their cyber security to protect students information.



Computer Hacker Theft Hacking Security Padlock

Peter Anders, Opinions Columnist

Hacking is an unfortunate commonality in our connected online society. Every other week, it seems as though another high-value database or critical bit of infrastructure is being hacked.

The University of California experienced this first hand earlier this year, when they suffered a ransomware attack via their security vendor, Accellion. The hackers attempted to scare the targets into giving them large financial sums, threatening to post all the targets’ important information online for everyone to see if they did not.

The attack affected more than even just the school, as up to 300 other agencies and institutions also rely on this vendor to transfer files securely. The hackers did follow through on their promise and leaked private information of University of Maryland personnel online.

The University of Iowa and other high-learning institutions are not going to be immune from this. When one considers all the highly important and personal information on students contained within the university databases, this should be cause for alarm.

The university has a web page from the IT Security and Policy Office related to all aspects of IT security. Currently the university binds itself under an Institutional Data Policy, where the “confidentiality, integrity and availability of institutional data must be ensured to comply with legal, regulatory, and administrative requirements.”

These policies seem like they ought to be a basis enough for the university to have enough security in place. But hackers and data thieves are constantly one step ahead of defensive systems such as these, almost by their very nature. These defensive systems are always reacting to known vulnerabilities, unable to seek out ones they do not know exist.

An incident of this nature already was discovered over the course of November and December of last year by Jim Ridolfo, assistant professor at the University of Kentucky, and William Hart Davidson, associate dean of graduate studies in Michigan State University’s College of Arts and Letters.

Hundreds of college websites had already been hacked by essay mills, a business with the goal to provide cheating services for students at a high price.

What would have happened if these hackers and hacking companies had been after more nefarious data, such as student credit card and banking information, addresses, and other information that is oftentimes used for the purposes of identity theft and fraud?

Identity theft is now a more common tactic, and the perpetrators behind it are more enthralled by the financial prospects. Identity theft occurrences have already increased – as of 2021, as much as 42 percent of Americans are faced with some form of identity theft. Institutions such universities would have been none the wiser that this was happening until it was already far too late.

As far as we know, the UI’s cybersecurity does seem to be working. This may not be the case tomorrow, however, and the university is not trying to stay one step ahead of these nefarious agents because this is a very new problem that society has yet to fully grasp the dangers of.

The university needs to embrace the idea of putting all of its resources behind its cybersecurity and data protection. It cannot afford to have a “wait and see approach.” Our data and the information they have from students is almost more deadly in the wrong hands than anything we can think of and must be protected as securely as possible.

The UI needs to think one step ahead and take more steps now in protecting its software, instead of waiting until something happens.

Columns reflect the opinions of the authors and are not necessarily those of the Editorial Board, The Daily Iowan, or other organizations in which the author may be involved.