Just a month before the start of the Fall 2019 semester, Stevens was the victim of a major cyberattack that shut down its wireless network and impacted major services for weeks. Ever since, the Stevens Division of Information Technology (IT) has been working to strengthen its digital infrastructure with a new “Protect Stevens” program under the leadership of Tej Patel, Chief Information Officer, and Jeremy Livingston, Chief Information Security Officer.
On Friday October 29, IT hosted a “State of Cybersecurity at Stevens” virtual presentation to discuss the Protect Stevens initiative as well as answer questions from the Stevens community.
Within the Protect Stevens Program is the Security Operations Center that provides 24/7 monitoring and alerts of any security threats as well as the ability to immediately take action to mitigate any harmful attacks on Stevens systems. Network segmentation based on user roles helps prevent the spread of malicious software. Additionally, the Vulnerability Management Program, annual audits and penetration tests by third-parties, as well as certificate-based Wi-Fi access collectively ensure that the Stevens network is at its most secure state.
These cybersecurity measures at Stevens blocked a staggering 22,999,912 potential attacks/probes and just over 36,000 phishing emails in the past 90 days, according to data presented during the virtual event. Additionally, IT conducted 158 investigations into issues that could have turned into security incidents such as malware attacks or reports of unauthorized logins.
One of the most notable projects undertaken by IT is modernizing the sign-in process. The university transitioned to a more modern single sign-on (SSO) authentication system through DUO during the Fall 2020 semester. That solution was short-lived as it was announced in October 2021 that Stevens had partnered with Okta for a new “NextGen” identity and access management (IAM) system.
A major reason for the switch was that Okta replaces several separate systems and consolidates the authentication process. According to Jeremy Livingston, Okta enables a much more secure log-in system because it looks at 11 different factors such as a user’s IP address and location. Another major difference between DUO and Okta’s single sign-on feature, is that Okta enables a user to login only once to access all of their different Stevens applications, such as Onedrive and Canvas, on the same device.
Once all applications are integrated with Okta, it is planned that the familiar myStevens homepage will be replaced with an Okta portal. Additionally, students will be able to use Okta to change and reset their passwords. IT notes on their website that the transition will be gradual and that DUO will be eventually phased out.
Cloud security is also increasingly becoming a top priority for Information Technology as more systems move to the cloud. Patel said that the biggest challenge to cloud security is to “consolidate some of the data footprint we have created at Stevens to allow more reliability [and] flexibility for our faculty, staff, and students” all while making it more secure. Livingston added, “You can’t secure the data if you don’t know where it is” pointing to a data discovery program that is set to be launched in the coming months to identify where data, specifically sensitive data, resides in order to supply adequate security controls.
Looking towards the future, Livingston and Patel both expressed optimism for the role artificial intelligence will play in the cybersecurity program. In fact, Patel predicted that AI will become almost necessary as data continues to expand and the systems grow more complex, stating “As the attackers become more sophisticated, […] I don’t think it’s humanly possible for anyone to sit in front of a dashboard to keep track of all of these attacks. So, AI and machine learning will definitely be the key.” More specifically, Patel expects automation will be leveraged to not only monitor threats but also block attacks in real time.
Jeremy Livingston echoed those remarks calling true artificial intelligence a “game changer.” However, he cautioned that “as soon as there’s AI on the defensive side, someone is going to repurpose it for offensive.” That means potential threats will become increasingly more sophisticated and difficult to detect.
Resources available to members of the Stevens community include security bulletins that provide information on the latest scams, training for both students and staff, as well as a free antivirus software for personal devices.
Be First to Comment