The age of internet innocence gets less innocent every day, Boston University announced.
In an email to faculty and staff, President Robert A. Brown announced the University’s plan to tighten cybersecurity measures following a December phishing attack that saw the BUworks usernames and passwords of 10 employees stolen and their direct deposit paychecks siphoned to outside accounts.
That attack on BU, as well as on other higher education institutions, revealed to administrators the relative vulnerability of University information technology networks and information systems. “We have focused on sound policy, user education, and detective controls to secure information,” Brown writes in his letter. “While this approach has supported creativity and productivity, it now increasingly places us at risk—particularly in comparison to less open organizations. Cyber-criminals choose softer targets, as we have just experienced.
“Social engineering techniques such as ‘phishing’ take advantage of people’s trusting natures and are increasingly sophisticated and deceptive,” he continues. “We must strengthen our technological means to help protect our information in order to forestall these kinds of attacks and limit exposure if they succeed.”