IT security to be strengthened ‑ this is how Mid Sweden University is doing it
The government has given Swedens universities and colleges the task of strengthening their IT security. This also applies to Mid Sweden University. But what does that mean for us? And what is it that we need to protect?
Mid Sweden University will increase its IT security. In the regulatory letter for 2023, there is a requirement that all universities and colleges must report on how the higher education institution has worked to develop its information security and how it plans to meet future needs. The report that the Infrastructure Department is now working on must be submitted to the Government Offices no later than October this year. Eva Rodin Svantesson, Daniel Berg and Kenth Näsström from the IT department have answered the questions.
What does it look like today and what do we need to change?
– We have created a cross-functional group that is tasked with working operationally and strategically with IT security issues. The group's task is, among other things, to identify areas for improvement and be responsible for ensuring that the work is carried out. We are also working on the recruitment of an IT security specialist to strengthen ourselves further in the area. At the same time, we work to identify mission-critical IT infrastructure and ensure that we have, among other things, adequate backup routines, recovery plan and staffing, we produce training materials to raise IIT security knowledge throughout the organization and we conduct exercises in cybersecurity.
IT attacks or cyberattacks – is Mid Sweden University exposed to it and if so, how many are there?
– Mid Sweden University is exposed to many threats and attacks on a daily basis. The number varies greatly over time and is often related to the external situation.
What is it at Mid Sweden University that we need to protect and what can happen in the worst case?
– We will protect information and based on the classification regarding confidentiality, accuracy and availability, protective measures are developed. What could happen is that unauthorized persons access the information, that it is not accurate or available when it is needed.
"In extreme cases, a successful ransomware attack could completely knock out Mid Sweden University for a long time. Financial loss is also possible through the use of employees' account information and/or phishing or the like.
How protected are we?
– Our level of protection is at average and in some cases even higher than equivalent higher education places. However, we see IT security as an area we need to further sharpen due to the current situation in the outside world. A large part of the mass crimes in fraud have become or are about to become completely digital, which we must take into account. Threats from antagonists such as other states, industrial espionage and influence campaigns are also increasing in scope. All in all, this means that we will sharpen ourselves in IT security.
Have attacks increased since the war in Ukraine started? Why is that?
– We do not measure attacks in this way, but the answer without statistics is yes and the authorities that work to compile these types of statistics in Sweden say unequivocally yes. Unrest in the world, especially where countries such as Russia, China, North Korea, Iran and the like are included, normally generates more attacks. Partly because they fund things through cybercrime and the louder the noise (many attacks) there are in the world, the easier it is to hide in it and not be detected.
What do ordinary employees need to think about?
– It is important for all employees to know what it looks like and what we need to do on an ongoing basis to protect ourselves. Some of the measures may involve changed working methods for everyone, which an understanding is needed in the organization. If we do nothing, there is a real risk that the impact will be very large.