Episode 2

Published on: 23rd Jun 2021

Protecting Academic Institutions from Ransomware and Other Forms of Cyber Attacks

Educational institutions have been the target and victim of ransomware attacks. Garry Scobie, Deputy Chief Information Security Officer, the University of Edinburgh, spoke at length with Dr. Dave Chatterjee on protecting academic institutions from ransomware and other forms of cyber-attacks. The very engaging and informative discussion covered a lot of ground, ranging from identifying the most significant threats to reviewing the challenges of dealing with such threats and making recommendations on how best to secure the academic institution and its stakeholders. Garry shared several good practices, one of which was creating the Champions Network to enhance cybersecurity awareness.

Memorable Garry Quotes/Statements

"The solution needs to be appropriate, affordable, proportionate, and realistic to the perceived level of threat. It is all about taking balanced risks."

"At the end of the day, it is all about the basics and doing them well. The basics are the hardest thing to do and get it right. It is all about people, patches, and processes."

"I am paid to be paranoid."

Timestamps

3:20 – What do you see as the single biggest threat right now?

5:51 – How do you go about protecting the organization and its people from ransomware attacks?

7:44 – Students engaging in risky online behavior, the open and interconnected university environment, and budgetary constraints are common challenges when trying to secure academic institutions. What are your thoughts?

10:04 – Could you speak to the importance of education and training to reduce the risk of cyber-attacks?

12:51 – Is there anything in particular that academic institutions should be doing when it comes to offering cybersecurity training programs? What are some key elements of an effective cyber training program?

15:05 – How do you create an atmosphere where the internal customers feel comfortable coming to you for advice and recommendations and you are able to engage in a candid conversation?

18:16 – How do you effectively communicate information security-related information? What incentive mechanisms are likely to further motivate the user community to seek and comply with the information security guidelines?

20:41 – There are some positives to the academic units being responsible for securing their data and related digital assets. Along with the authority, comes the responsibility, comes the accountability. Your thoughts?

22:36 – How would you create information security awareness among students, help students make good decisions?

25:59 – What are the kinds of things you would do at the backend knowing you have vulnerabilities at the frontend?

28:57 – What are some other threat vectors that concern you?

31:21 – What is a good day for you at a professional level?

34:12 – Is no news good news?

36:15 – Are you likely to gain greater stakeholder attention and cooperation by doing a presentation about the different threat scenarios and their consequences?

40:37 – How do you ensure that intelligence test reports are immediately reviewed and acted upon?

42:04 – What advice and recommendations would you have for peers at other academic institutions?

45:23 – How do you assess cybersecurity performance at an academic institution?

50:32 – Any final thoughts?

Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Key Takeaways document (prepared by Dr. Dave Chatterjee)

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/


About the Podcast

The Cybersecurity Readiness Podcast
with Dr. Dave Chatterjee
The Cybersecurity Readiness podcast serves to have a reflective, thought-provoking and jargon-free discussion on how to enhance the state of cybersecurity at an individual, organizational and national level. Host Dr. Dave Chatterjee converses with subject matter experts, business and technology leaders, trainers and educators and members of user communities. He has been studying cybersecurity for over a decade. He has delivered talks, conducted webinars, consulted with companies and served on a cybersecurity SWAT team with CISOs. He is an Associate Professor of Management Information Systems at the University of Georgia and Visiting Professor at Duke University.


About your host


Dave Chatterjee

Dr. Debabroto 'Dave' Chatterjee is a tenured professor in the Management Information Systems (MIS) department at the Terry College of Business, The University of Georgia (UGA). He is also a Visiting Scholar at Duke University, affiliated with the Master of Engineering in Cybersecurity program in the Pratt School of Engineering. An accomplished scholar and technology thought leader, Dr. Chatterjee’s interest and expertise lie in the various facets of information technology management – from technology sense-making to implementation and change management, data governance, internal controls, information security, and performance measurement. His work has been accepted and published in prestigious outlets such as The Wall Street Journal, MIT Sloan Management Review, California Management Review, Business Horizons, MIS Quarterly, and Journal of Management Information Systems. Dr. Chatterjee’s research has been sponsored by industry and cited over two thousand times. His book Cybersecurity Readiness: A Holistic and High-Performance Approach was published by SAGE Publishing in March 2021.