Cyber Security Awareness Month

Cybersecurity Awareness Month - October 2024

A note from our CISO, April Sather

April SatherFrom extreme weather events to food recalls, alerts generated by our vehicles to advisories on emerging viruses, we are inundated with warnings. The sheer volume of alerts can lead to desensitization, making it easy to tune out the ‘noise’ and focus on the task at hand. Cyber alert fatigue is no different.

Are you tempted to delay or dismiss that reminder to update your system, enable MFA, or change your compromised password? Unfortunately, that is a luxury we cannot afford. Compromised credentials and weaknesses in systems and software can be exploited by attackers within hours, leading to a crippling ransomware attack. Our industry is in the crosshairs, and attacks (often automated and powered by artificial intelligence) are increasing in speed and ingenuity. Check Point Research reports that:

“The education/research sector was the number one most attacked industry globally, seeing a 53% increase in Q2 2024 compared to Q2 2023, with an average of 3,341 attacks per organization every week.”

Fortunately, the small, smart choices we make every day can make a difference, and reduce the risk to UCOP systems and data. Read on to learn more.

I hope you have a chance to get involved with Cybersecurity Awareness Month by registering to attend one of the virtual Cybersecurity Awareness Month events taking place across the system, and downloading this year’s Zoom background. April Sather signature

 

 

By the Numbers - UCOP

  • There are currently 8,320 compromised UCOP credentials circulating on the dark web. This includes both current and past staff. These are just a fraction of those found in a dump of over ten billion credentials recently posted to hacker forum. (Internal & Bitdefender)
  • Breaches involving stolen or compromised credentials took the longest to identify and contain (292 days) of any attack vector. (IBM Cost of Data Breach report)
  • The average cost of a data breach jumped to $4.88 million from $4.45 million in 2023, a 10% spike. (IBM Cost of Data Breach report)
  • Employee training was the top factor mitigating average data breach costs. (IBM Cost of Data Breach report)
  • Cloud environment intrusions increased by 75% year over year. (Crowdstrike)

 

What can you do?

  1. Notice alerts and notifications, especially ones informing you that:
    • Something has changed:
      • Direct deposit information, password, phone number
    • Something is vulnerable or requires an update:
      • Mobile device, app, laptop, desktop
  2. Enable Multifactor Authentication (MFA) whenever possible.
  3. Report incidents or suspected incidents to cybersecurity@ucop.edu – Minutes Matter!
  4. Look out for phishing, smishing and an emerging tactic involving QR codes - quishing.
  5. Protect your identity. Sign up for the (free) Experian employee identity protection program.

Minutes Matter Zoom Background

Links

Behind the scenes with Security

Sajjad Matin

Principal Counsel – Cybersecurity and Data Protection

Sajjad Matin

Sajjad Matin joined the Office of General Counsel in May of 2022. Matin is the Principal Counsel, Cybersecurity and Data Protection at the University of California Office of the President, where he has a great deal of experience and responsibilities.

“I love learning new things. That's one of the reasons I came to UC. I get to work with a lot of talented people and every day brings new issues to decipher. And most of these issues come to me because they don't fit neatly into any other bucket within UC Legal. The boundaries of ‘cybersecurity law' are fuzzy enough that I am often asked to help. So, I ask questions, a lot of questions. And I bring in other experts at UC into the conversation, subject experts in UC Legal, as well as those in security, privacy, and elsewhere.”

With various career experiences, Matin gained new skills that he has been able to apply in his role at UCOP.

“Early in my legal career, I worked as an intellectual property litigator in the Silicon Valley and then worked as in-house counsel at VMware. Those experiences exposed me to the more technical aspects of information and network security, experiences especially relevant to my current position.”

Matin shares that his research experience has allowed him to gain an understanding within the health field.

“My past experiences have given me special insight into the concerns of these stakeholder groups. Before law school, I was a graduate researcher in biomedical engineering. My research on spinal cord regeneration was conducted in affiliation with a health center, so I have an appreciation of the work and concerns of our academic, health, and research communities.”

Matin graduated from Berkeley Law and has fond memories of his time there. It's one of the main reasons why he wanted to come back to UC.

“My journey back to UC was driven by a commitment to public service and a desire to do meaningful work at the intersection of technology, law, and policy. UC's reputation for fostering innovation and scientific discovery is renowned, as is its collaborative environment. I knew that UC, with moving parts spread over 10 campuses and 6 health centers, would have novel legal concerns and issues impacting many. I am fortunate to have had the opportunity to join the Office of General Counsel as UC's Cybersecurity Counsel.”

Serving as primary legal support to UCOP's Office of Information Technology Services and Cybersecurity Audit Team, Matin advises UC Health, the Faculty Senate, and the UC campuses on a broad range of cybersecurity and technology matters.

“We have experts on the field who are our information security officers and our analysist, if there's a breach, they know what they're doing, and they can handle it. I'm lucky because at the Office of the President, we have very capable people who are making these decisions. I ask questions, my role is to stay in the loop and ask questions in order for me to provide legal guidance I need to know the situation.”

Matin has the opportunity to experience a high level of success within UCOP due to the camaraderie and expertise between his colleagues and himself.

"That's the beauty of it, we actually do have subject matter experts in everything within our own IT field, within IT security, as well as the professors and I think that's the best part, is being able to work with people from so many different areas of expertise that really do know what they're talking about."