Team of the Month 03/22: WU’s Security Incident Response Team
It’s winter 2019, and thousands of students and employees are standing in seemingly endless lines in front of Justus Liebig University Giessen. They are all waiting to receive new login data so they can use the university’s digital infrastructure again. The reason? A cyberattack. Cybercrime has become the largest sector of the global shadow economy, and universities are among the organizations affected. WU therefore needs to ensure security in the digital space as well, in order to avoid emergencies as best as possible – and to be prepared for critical incidents when they occur. In such cases, the March 2022 Team of the Month is the digital task force that coordinates WU’s defenses against attacks from a technical perspective.
When it comes to defending against digital attacks, it is important to know the affected IT infrastructure like the back of your hand. However, it’s also crucial to know how cybercriminals operate, what methods and tools they use, and how to respond effectively. The Security Incident Response Team, or WU SIRT for short, therefore consists of employees with technical expertise and skills that are as diverse as possible, so that the different strengths of the team members cover the entire range of the relevant technologies.
“When there's a fire, we need a well-trained digital fire department that’s ready to respond quickly in order to avert the danger," says Josef Kolbitsch, head of IT-SERVICES. Special training courses are therefore held to hone the technical skills needed to investigate and fend off the various types of attacks, and to practice coordination and teamwork in the event of an emergency. One of last year’s highlights was a multiple-day training session held in a cyber range, where cyberattacks were simulated in a secure environment to allow the team to practice defending against threats under professional guidance. These exercises as well as the real-life situations that the team has had to deal with have created a very strong team spirit.
“IT security is everyone’s job – from IT specialists to the end users. Even within SIRT, the boundaries are blurred. Looking back at the last major challenges, we needed the help of many more colleagues from outside the core team to sort out the situation. It’s great to see everyone at IT-SERVICES and the entire WU community pulling together,” the SIRT team members agree.
Security stands and falls with the people who use IT services. This fact is particularly noticeable in serious cases: 95% of all successful cyberattacks start with a malicious email sent to employees. Once their credentials have been phished, the login data are often used immediately to gain unauthorized access to user accounts – sometimes this happens within the same minute. “The recipe for success in avoiding emergencies is raising security awareness among all of us. This includes a healthy dose of caution when dealing with links and attachments found in emails or messenger or SMS text messages, and it also means installing software and apps from trusted sources only, setting different passwords on different systems, and using two-factor authentication,” the SIRT experts explain. Attackers always target people first when trying to hack their way into an organization’s infrastructure. Therefore, all WU employees share part of the responsibility for using data and applications carefully to keep WU safe from harm in the future.