Cyber Security Awareness Month

Cybersecurity Awareness Month - October 2025

A note from our CISO, April Sather

April Sather

As I embark on my 4th Cybersecurity Awareness Month at UCOP, I want to take a moment to reflect on the incredible progress we’ve made together over the past year. Thanks to your dedication and partnership, we addressed critical security vulnerabilities, strengthened our Duo multi-factor authentication, and achieved our BitSight rating stretch goal of 780, reflecting our enhanced cybersecurity hygiene. A BitSight rating is like a credit score, where higher is better; a high rating means it is tougher for attackers to break in. Learn more by registering to attend the Bitsight webinar on 10/22 . We also successfully rose to the challenge of the President's Cybersecurity Letter , reinforcing our systemwide commitment to protecting UC's digital assets.

This year, we’ve also made strides in securely enabling artificial intelligence at UCOP. AI offers transformative potential—but it also introduces new risks. In 2025, 93% of security leaders expect daily AI-driven attacks  , and incidents involving AI systems have surged by over 56%.   These threats underscore the importance of building secure and trustworthy AI systems. UCOP is taking a risk-based approach to AI governance, implementing strong access controls, monitoring, and compliance frameworks to ensure responsible deployment. 3

Cyber threats continue to evolve, especially those  driven by financial gain . Social engineering attacks targeting paychecks and personal information are on the rise. Please stay alert to suspicious messages, verify unexpected requests, and report anything that doesn’t feel right. In general, use long and strong passwords that don’t include personal information like name, school you attended, etc.; these are harder for attackers to guess.

Cybersecurity is a shared responsibility, and your awareness makes a difference. I encourage everyone to participate in at least one Cybersecurity Awareness Month event hosted across UC locations. These events are designed to be engaging, informative, and a great way to strengthen our community’s cyber resilience. Finally, know that we are your partner in security.  When you become aware of a security issue/vulnerability, let us know. Regardless of root cause, level of effort/cost to address, we will work with you to find a solution. Thank you for your continued commitment to keeping UC safe.

Warm regards,

April Sather Signature

April Sather
Chief Information Security Officer
UCOP & Systemwide Cyber Defense Officer (Interim)

 

1 Trend Micro State of AI Security Report
2 The State of AI Cybersecurity in 2025 and Beyond
3 AI Data Privacy Wake-Up Call: Stanford AI Index Report

 

By the Numbers - UCOP

  • 68% of attacks originate from email 1
  • 65% of internal (i.e., caused by staff) breaches in higher education were accidental 2
  • 35% of participants included personal information in their passwords 3
  • 40% of participants reported creating passwords using a single dictionary word or someone's name 2
  • 38% of staff admitted to sharing sensitive work information with AI without their employer's knowledge 2
  • 31% of internal (i.e., caused by staff) breaches in higher education were a result of inappropriate (e.g., excessive) privileges 2

2025 State of Cybersecurity report by Check Point
2025 Cybersecurity Attitudes and Behaviors Report by CISA
 2025 Data Breach Investigations Report by Verizon

 

What can you do?

  1. Notice alerts and notifications , especially ones informing you that:

    Something has  changed  :
    - Direct deposit information, password, phone number

    Something is  vulnerable or requires an update:
    Mobile device, app, laptop, desktop

  2. Enable Multifactor Authentication (MFA) whenever possible.
  3. Report incidents or suspected incidents to  cybersecurity@ucop.edu – Minutes Matter!
  4. Look out for  phishing (email),  smishing (text/SMS messages),  quishing (QR codes) and phone/voice calls from attackers trying to convince you to take urgent action. Social engineering remains a serious threat.
  5. Protect your identity. Sign up for the (free) Experian employee identity protection program.

 

Behind the scenes with Security

KURT EWOLDSEN - SUPPORT SERVICES MANAGER - CALIFORNIA DIGITAL LIBRARY (CDL) & UNIT INFORMATION SECURITY LIAISON (UISL)

Kurt Ewoldsen

Kurt Ewoldsen joined the University of California Office of the President (UCOP) over a decade ago. Before coming to UCOP, Kurt spent over 30 years working for Fortune 500 corporations within the insurance and financial services industries. With the extensive travel and constant stress, he was ready to make a change to something more meaningful than company profits. Kurt found what he was looking for at UCOP -- people who are passionate about their work, who want to make a difference, and are willing to put in the time and effort required to be successful as a team.

He serves as the Support Services Manager for the California Digital Library (CDL), which provides a systemwide digital library to the University of California (UC). The CDL’s primary mission is to support and amplify UC’s teaching, research, and public service through innovative digital infrastructure and services. Many of CDL’s staff use their own time to participate in broader organizations and initiatives within the library and research domains, such as authoring journal articles, participation on boards or committees and participating in organizations that support the scholarly community.

Kurt is also the Unit Information Security Liaison, spending 70% of his time focused on cybersecurity initiatives and problem-solving. “I serve as the conduit for information sharing and collaborative projects between my business unit and central UCOP IT security. I'm responsible for ensuring that my unit is aware of and compliant with all UCOP security policies and procedures.” Kurt is tasked with keeping his unit informed about current security threats, working with them to reduce associated risks and resolve security issues that arise – communicating clearly with UCOP IT security to ensure everyone is aware of their cybersecurity posture.

Ransomware is Kurt’s biggest cybersecurity concern, because many people around the world rely on CDL services like Calisphere, DMPTool, eScholarship and others (see  cdlib.org  for a complete listing), and his team has implemented many processes and controls in place to try to prevent it from happening.

Kurt values teamwork and leading with purpose to drive collective success. “I have the ability to apply my experience in cybersecurity to the needs of my business unit and UCOP, while also identifying the places where compromise is necessary to ensure our goals are reasonable and achievable.”

This Cybersecurity Awareness month, Kurt shares advice for UCOP staff, “Make security part of your normal operations and intentionally build it into your systems and your processes. Figure out what the reasonable amount of security is for your particular situation and then try to build it in from day one.” As CDL starts a number of AI-related activities, he works to ensure safe and secure engagement with this new technology, while encouraging exploration and innovation in this new space.

For more information visit the  University of California Office of the President (UCOP)  and the  California Digital Library (CDL)  websites.

Pause. Protect. Prevent. Zoom background.

LINKS