Cybersecurity Month and Phishing Response

October is Cybersecurity Awareness Month in the United States, and at Marist University, cybersecurity has become a hot topic due to recent phishing scams. In late August, a series of phishing emails was sent to many members of the student body, and the cybersecurity department has been working diligently to protect against future attacks since. But what is phishing? What exactly is the cybersecurity department doing to prevent it? And what can students do to help? 

What Is Phishing?

“Phishing is someone trying to get information out of you,” said Director of Cybersecurity and IT Infrastructure, JP Montross. “After they collect login credentials, they impersonate the person for some sort of financial scam.” 

First, scammers send a seemingly credible email to ask you to give your personal account information. After these scammers get your credentials, they can access internal files, collect information and sell it or use your identity to get other students’ credentials.

Phishing could threaten private information on a large scale. Thankfully, the cybersecurity team has been working hard to defend Marist and its students. On the day of the first hack, the attacker attempted 44 rounds of scam email attacks, and the team was able to stop 15,000 of those emails. Students can trust that the cybersecurity team has what it takes to protect their data, but how exactly does the team fight against hackers?

What Does the Team Do?

A key method the team uses to prevent phishing emails from being sent is to limit the number of emails that a Marist email account can send. Hackers will often attempt to send a very large number of emails at once to make themselves look credible and collect as much information as possible. By limiting the number of emails that can be sent, the hackers are forced to guess the email limit through trial and error.

“Hackers lower emails sent until they find the right number to get through. Usually, attackers get frustrated, but this one is very persistent,” said Montross.

Depending on the frequency of attempted attacks, the team may scale the number of emails that can be sent by students. Already compromised individuals have previously been limited to a 50-email-per-day limit, and as of Oct. 21, the average student has been limited to a 500-email-per-day limit. For most students, this limit means very little, but for club leaders, it may serve as a great inconvenience when trying to communicate with club members.

Thankfully, the team is willing to cooperate with students who reach out. 

“We are happy to work with folks with legitimate needs if that’s what they need to be successful,” said Montross.

What Can Students Do?

When asked about what students should do to help prevent future phishing incidents, Montross had a few key pieces of advice. First, he recommended being very careful with your passwords and who you give them to.

“You wouldn't hand a stranger your car keys, but for some reason we'd hand a stranger our passwords, our Duo codes,” he said.

Next, he suggested reaching out to the help desk immediately: “Accidents happen; the quicker that you let IT know, the faster we can respond.”

Students can also get more information from the Phish-Bowl video series on the Gone-Phishing website. The team also holds informative events in the Dyson Business Center throughout the year and posts newsletters via email, so students are encouraged to stay tuned.

Cybersecurity as a Study 

Cybersecurity is not only a key aspect of online safety but also a growing industry with a wealth of opportunities. Marist alumnus and Manager of Cybersecurity, Brendan Ross ‘12, is an example of the potential that prospective students hold. 

“When I was a student, cybersecurity was not a major focus, but the computer industry has changed, and therefore cybersecurity is more of a career path,” said Ross.

For students looking to get into the IT industry, the cybersecurity team has some advice. 

“You need to understand how IT works; you can't defend a computer system if you don't understand how systems work,” said Montross.

Cybersecurity is multi-faceted, with opportunities for ethical hacking, hacking defense, policy writing and audits. The team has several students whom they’ve hired, giving them the opportunity to get hands-on experience in the field.

Cybersecurity Month serves not only to raise awareness of threats to privacy online but also as a reminder to thank the people who work diligently to keep our data safe from those who profit from misfortune. Remember, next time you have trouble with your logins to thank the heroes behind the screen who keep our school safe from cyber threats.