According to a recent report, a cyber hacker with the pseudonym Rasputin published possible vulnerabilities in various cyber systems from 60 universities, one of those being NYU. In response, an NYU spokesperson said, “My understanding of that particular incident was that it was published that we had vulnerabilities. But we didn’t find any evidence that we had actually been hacked.” However, the NYU administration recently revealed that there are 257 vulnerabilities that still exist. Going forward, NYU must protect its students against cyber attacks and be more transparent about possible threats.
Of these 257 vulnerabilities still within the system, 50 percent are medium to high risk. These weaknesses are indicative of the many issues in NYU cybersecurity. The protection and well-being of all students and faculty should be the university’s main priority, and that includes the handling and defense of their private information. Digital security is nearly as important as physical security in the modern era, and it is NYU’s job to treat the matter as such. If there are legitimate concerns about the security of information held by the university, we should expend all resources necessary to ensure the safety of that information.
Besides protecting students, the administration must maintain full transparency in its reports about the attacks. Students whose information has been compromised must know they are in danger, and it would be reprehensible for the administration to conceal the facts to save face. Details about cyberattacks do not need to be made public; it is reasonable for the university to conduct their own private investigations into these matters. But students must be made aware of any risks of further hacking so that they can take preventative action.
NYU has an obligation to not only alert its students of potential cyber threats but also to take serious measures to ensure that attacks like these do not occur again. Although the Rasputin hacks were not as damaging as they could have been, if the administration does not put proper precautions and countermeasures in place, the repercussions next time may not be so harmless.
A version of this article appeared in the Monday, April 10 print edition. Email the WSN Editorial Board at [email protected]