Regis’ Inaugural Cyber Summit Features Practical Prevention Strategies

Event offers statistics and tactics in fight against cyberattacks

 

If your organization hasn’t been the victim of a cyberattack yet, it will be. It’s not a matter of if, but when.

That was the consensus at the inaugural Regis Cyber Summit held recently.

The goal of the conference, which brought together more than 150 IT experts and leaders from government agencies, law enforcement, education and private companies, was not to discourage. The Stronger Together summit offered statistics, strategies and ideas for battling the pervasive and growing threat of cyberattack, and encouraged attendees to be prepared – and to share information. 

Those who shared wisdom gained through experience included Regis University Chief Information Officer Jagan Gudur, who described how a 2 a.m. call from concerned IT staff on August 22 brought an abrupt end to the business-as-usual preparations for the fall semester. 

Suspecting a cyberattack, Gudur and his IT team quickly shut down Regis’ systems, including the network, website, emails and phones.

With only days until the start of classes, nothing online – including student schedules, instructors’ syllabi, office phones or copiers – was accessible.

“It was a crisis of the highest order” for the Regis community, Gudur said.

He said the attack was timed to cause maximum disruption and likely originated outside the United States, although the perpetrators have not been identified.

Gudur said he and other Regis leaders decided restoring the existing infected system was too risky, instead electing to rebuild, which took longer but enhanced the security of the entire system and provided an opportunity to rethink the IT infrastructure. Despite the disruption, the University was able to start on-campus classes on time and online classes were delayed only one week.

For Regis, emerging stronger includes merging the Anderson College of Business with the College of Computer and Information Sciences, to equip students in both disciplines with the skills to manage technology in business. Regis will continue to offer its bachelor’s and master’s degrees in cybersecurity among other data science courses.

Deborah Blyth, chief information security officer for the State of Colorado, shared how the Colorado Department of Transportation (CDOT) handled a cyberattack that crippled its systems in early 2018, knocking out 1,300 workstations and 400 servers. The agency was able to continue traffic control and snow removal systems, so public safety was not jeopardized, she said. 

Between the costs of restoring its system, penalties for project delays, and other expenses, the episode cost taxpayers $1.7 million, said Blyth, a Regis alumna.

Numbers like that should help convince organization leaders of the wisdom of investing in systems and plans to deter attacks, several of the more than a dozen speakers said. 

Many also offered statistics to bolster those arguments: In 2019, there were 41,686 information system hacks in the United States, Homeland Security Investigations Special Agent Ryan Johnston said. Of those, 69 percent originated outside the country, and most were directed at small business or the public sector – organizations less likely to have the resources to protect themselves from attacks. 

At Arrow Electronics, IT staff constantly monitor for unusual activity, said Patrick Hellman, vice president for IT. Hellman, a Regis alumnus, said Arrow sends phishing emails to employees, and those who take the bait get mandatory training to help them avoid such mistakes in the future.

There is no such thing as perfect security, said Bob Bowles, director of the Center for Information Assurance Studies at Regis. “But with continuous effort, you can reduce risk.”

For Regis, the cyberattack provided opportunity for growth and reflection. As a Jesuit institution, Gudur said, “We consider ‘how ought we to live?’  So how does one person become a cyber hacker and another become an IT provider” who advances communication systems?

At Regis, he said, the mission is to educate students who not only become experts in IT, but also use those skills in service of others.