Update on cyber security given to Cornerstone board

A team of IT experts are keeping a watchful eye on the cyber security of the computer systems for the Southeast Cornerstone School Division, the board of trustees heard at their meeting just before Christmas in an update from Brian Belinsky, manager of Information Systems.

He went through the current security applications that they use, including Microsoft advanced threat analytics, ThreatStop, Cloud App security, SS8 and iboss.

article continues below

From Microsoft, they get a report monthly of any suspicious activities, and Belinsky said they have noticed that eight-character passwords are no longer secure enough as they once were.

“What you want now is a long set of characters, not just eight characters,” he said.

SS8 generates and analyzes network data from internal communications, and provides solutions to quickly identify, track and investigate suspects and devices of interest.

A service called ThreatStop automatically blocks malicious IP and DNS connections which can stop threats like ransomware, phishing and botnets from infecting a network.

Belinsky said this service is “on the cutting edge of security” that provides the “best-in-class threat intelligence.”

It also uses infrastructure that is safeguarded against criminals that use VOIP servers to relay their calls and provides geographical filtering on regional, country and postal code-level granularity.

Another tool is the Cloud Access Security Broker, which provides control over data travel and sophisticated analytics to identify and combat cyberthreats for all cloud services.

The iboss cloud secures user Internet access on any device, from any location, in the cloud, with a focus on following users instead of perimeters to ensure that Internet access is always secure.

One major source of threats come from the DarkWeb, as identities and locations of darknet users stay anonymous and cannot be tracked due to the layered encryption system. The darknet is used for illegal activities, such as illegal trade, forums and media exchange for pedophiles and terrorists.

Belinsky said there is an easy way for a person to check if any of their devices or computers have been compromised, by going to https://haveibeenpwned.com/, and it will provide a list of compromises, including which passwords were hit and by what source.

Cornerstone had a full-time security analyst position up until March 2016, but when that position was cut, the manager of Information Systems, two network analysts and a system analyst have assumed additional security duties, and are monitoring the school division’s systems with the above-mentioned services.

“The security of all of our data is of primary importance,” said Belinsky, who noted the analysts’ work includes identifying network vulnerability, and identifying and analyzing identified security issues.

In the first nine months of 2019, ransomware infections hit over 500 U.S. schools in 100 districts, and in Canada, in one week in late November, three school districts were hit with a ransomware attack that affected and encrypted nearly all servers in their district.

The rise of ransomware means the total cost of damages related to attacks using cryptographic file-locking software could reach $1 billion this year, said Belinsky, and he pointed out that using any of these applications will not guarantee there will be no ransomware attack on Cornerstone, as there are many ways a hacker can compromise a network.

One source of help for the school division has been using a Dell data centre, which monitors their computer systems 24/7, including ensuring data security in the event of a power failure.

The data centre was purchased in 2013, and hosts 70 virtual machines or servers, with a total storage capability of 150 TB, with about 80 TB currently in use.

With hardware reaching their end-of-life in 2021, current support costs have increased due to age, and will be about $75,000 in year 7.

In addition, Cornerstone engaged with IBM last February to develop a disaster recovery strategy and working plan. IBM monitors the disaster recovery environment and provides quarterly live testing to ensure there is business continuity.

Technology upgrades to be carried out in the current school year will be done at Arcola, Carlyle Elementary, Estevan Comp, Gordon F. Kells School and Wawota Parkland school.

Belinsky’s department is proposing to the school division a plan to have all school network equipment in an upgrade schedule, similar to school computer equipment, extended over a seven-year period to keep current with security updates and end-of-life cycles.