Brad Wheeler, Vice President for Information Technology & Chief Information Officer,
One challenge that we face in our organization is the constant task of educating a large number of staff, students and faculty on the importance of practicing safe habits when working with data. The most common security issue we experience is not the result of malicious, intentional acts by hackers or employees, but rather irresponsible mistakes by good intentioned employees (e.g., placing valuable data onto an unsecured thumb drive, then misplacing it). While there is no way to completely prevent this type of security breach, we believe that by providing our staff, faculty and students with an abundance of information on safe network practices and proper data handling, we can hope to greatly reduce the likelihood of a security breach.
In regards to malicious actions by hackers and employees, what we have seen in other organizations are coordinated, planned attacks. For example, one specialist is hired to break into the system, another specialist is hired to enter the system and wait (sometimes for months) for the valuable data to come across so it can be taken, then another specialist is hired to come in afterwards and remove all traces of the entry. This type of organized attack is difficult to plan against and even more difficult to discover. Leaders of IT organizations will need to take a pro-active approach in dealing with these concerns.