Cybersecurity Awareness Month Newsletter

Welcome to Cybersecurity Awareness Month from CISO Kevin Hardcastle

Dear WashU community,

Cybersecurity Awareness Month has arrived! Cybersecurity Awareness Month was launched in October 2004 by the National Cybersecurity Alliance and the U.S. Department of Homeland Security as a joint effort to raise awareness of cybersecurity issues and help people stay safe online.  Now in its 17th year, Cybersecurity Awareness Month is observed around the world, as cooperating partners and institutions join the effort to educate and empower the public to protect their data and privacy online.

The challenges of the past year demonstrate that online safety is more important than ever. Like institutions worldwide, WashU made a rapid transition to a largely remote workforce in response to the COVID-19 pandemic. As a result, we’ve seen a heightened demand for digital capabilities in communications, teaching, research, and patient care. Our community has persevered in this upheaval, and we continue to advance our institutional missions in research, education, and patient care, even in the midst of an ongoing crisis.

As we strive to meet the challenges of a largely remote workforce, the security of our systems and data is more important than ever. During moments of rapid change and uncertainty, criminal opportunists seek out and exploit gaps in the security strategies of institutions and the knowledge of workers confronted with novel situations. Our vulnerabilities are their opportunities. These bad actors specifically play upon our fears through phishing and social engineering campaigns related to the pandemic and associated instabilities. For example, the Google Threat Analysis Group (TAG) reports that their systems saw 18 million COVID-related malicious emails and 240 million COVID-related spam messages each day in the month of April. Further, TAG identified over a dozen government-backed attacker groups employing COVID-19 as part of phishing and social engineering campaigns attempting to lure victims into clicking malicious links and downloading malware (Huntley 2020).

A strong information security strategy that includes an informed and empowered community of users is essential to protecting the important work we do here at WashU. Cybersecurity Awareness Month is a well-timed opportunity to advance our efforts to bolster our strategy. Throughout October, the Office of Information Security will offer events, activities, and resources to highlight today’s most important information security topics. The overarching theme for the month is “Do Your Part, #BeCyberSmart,” and we are here to help every member of our community gain the knowledge and tools to stay safe online.

The month of events kicks off on October 8 with a webinar featuring our new Chief Information Security Officer (CISO) for the School of Medicine, Joe Susai. The events will continue throughout the month with opportunities to learn about how to stay safe online through webinars and virtual presentations. Please visit our Cybersecurity Awareness Month page for information about everything we’re planning this month, and follow us on Twitter (@WUSTL_InfoSec) for up-to-date notifications about alerts, updates, and additional resources.

The Office of Information Security is proud to help protect our institution in the ever-changing information security landscape. The strength of our security depends on the awareness and knowledge of each of us. Information security is a shared responsibility, and we rely on your vigilance and cooperation to protect our community. We’re in this together. Please join us at our October events and learn more about how to “Do Your Part. #BeCyberSmart.”

We appreciate all that you do to help keep our institution secure.

Sincerely,

Kevin Hardcastle

Chief Information Security Officer

Washington University in St. Louis