Most students remember the ransomware attack last semester that dramatically changed finals week for students, faculty and staff. Nearly six months removed from the cyber attack, The Bachelor met with members of the Wabash community to evaluate the aftermath of the incident, and address steps Wabash took to beef up its ability to combat cybersecurity threats.
Last spring’s attack, in which hackers infiltrated some of Wabash’s servers and attempted to extort a ransom from the College in exchange for access back to its data, threw everyone for a loop during one of the most critical points in the year.
Dr. Colin McKinney, Associate Professor of Computer Science and Mathematics at Wabash, spoke about some of the challenges he and other faculty faced while important systems were offline, including having to hold classes at the Crawfordsville Public Library.
“I held one of my finals there [the library] instead of here on campus because it wasn’t clear there was going to be reliable enough Internet access on campus,” McKinney said. “It also made reporting grades very difficult; we had to basically do it all on spreadsheets and email because those were the only systems that were still up.”
Some systems like Canvas and Outlook stayed open because not all of the computer systems the College uses could be infiltrated since they are not systems managed by Wabash, and thus were not susceptible to a breach in Wabash’s security. Others, comments McKinney, were not affected but shut down on purpose.
“A lot of the systems that went down we chose to take down,” McKinney said. “The concern was what systems have been compromised, and which ones aren’t compromised, but could be if we left them up.” The nature of an attack like Wabash suffered last spring is that once a hacker has access to the passwords and data of an individual, it is a race against time to prevent the hacker from accessing information and data of other individuals who store their data in the same network or system. Isaac Grannis ‘26, a Computer Science and PPE double major, explained.
“People are really scared of just clicking on a link for the most part nowadays, but that’s not really how most phishing attacks happen,” said Grannis. “The primary way that phishing attacks work is getting you to download a file and open up that file. The hacker might say, ‘We want to finalize this business deal, this ad, or we’re sending you some files to look over.’ So it’s all ultimately geared toward getting you to open that file.”
A phishing email is what precipitated the attack during finals week, said Brad Weaver, Director of IT Services at Wabash, and why in the aftermath of the security breach the college began sending out fake phishing emails, enabling the IT department to gather data on how many people fall victim to a scam email, as well as to educate on how to best resist phishing emails. Weaver is confident this will prove beneficial to the Wabash community.
“It’s probably too soon to draw a definitive answer, but generally the more exposure and awareness people have to phishing emails the greater their ability is to look at a message and think critically about if that’s the real thing or not,” Weaver said. “So our hope is to prepare everyone through the simulations before they get real scam messages.”
Weaver believes that Wabash improved its cybersecurity since last year’s attack, with more robust security includ- ing a private firm that guards the Wabash network 24/7, upgraded antivirus tools, and more two-factor identification processes. However, Weaver acknowledges that the odds are stacked against cybersecurity personnel seeking to keep up with the ever-changing threats created by hackers.
“It’s important to understand the way in which the game is stacked against Wabash or any other company with information,” Weaver said. “The goal is to reduce success, and then failing that, because we know there will be some inevitable failures on that front, taking additional steps to prevent the kind of escalation that we saw in May where a single phishing account doesn’t lead to wide scale disruption.”
Grannis concurred, noting the back and forth nature of the battle between cybersecurity and cyber attacks. Even so, he expressed confidence in Wabash’s ability to respond to potential attacks moving forward.
“I am confident in our ability to deal with future issues; again, there will always be the human element. We can’t stop that, but I think we are much better prepared.”