The Echo

Wednesday, October 4, 2023 Print Edition

9/18/2023, 11:54am

TU systems face cyberattack

IT resolves issue after investigation

By Kay Rideout
Claire Tiemens

Chris Jones led the defense against the cyberattack

On the morning of May 18, a cyberattack temporarily disabled university systems for the first time in Taylor’s history.

Chief Information Officer Chris Jones was preparing for the Board of Trustees meeting when he noticed the print server was offline. 

“I just kind of had this knot in my stomach, and I called my team,” Jones said. “... we pretty quickly found that we were locked out of our systems and that they were encrypted. And my heart just sank.” 

Steve Elwood, director of infrastructure & support, was at home taking time off when he received notifications that printing wasn't working. 

A few hours later, Elwood’s vacation was cut short.

“Chris calls me and says, ‘Hey, you're gonna need to cancel your vacation — you need to come in, because we can't figure out what's going on,’” Elwood said. 

Dave Compson, manager of infrastructure services, had come in early that morning to install networking equipment.

Together, Jones, Elwood and Compson began investigating the source of the system crash.

“There was definitely, in the initial hours, a wondering like, ‘OK what exactly is the scope of this?’” Compson said. “We knew the systems were essentially down broadly; we didn't know why or what exactly the source of that was — that was probably the most nerve-wracking.”

Once a threat was identified, the Information Technology (IT) team began implementing a recently formed incident response plan: they powered everything down and notified the FBI, cyber insurance and cyber forensics teams of the incident.

The forensics team identified the cyberattack as a ransomware event: an incident which occurs when a threat actor (or “TA”) gains access to a system — stealing data to hold for monetary payments, encrypting servers and attempting to destroy system backups. 

IT team members began canceling summer plans and family gatherings to work through the weekend. A temporary war room was created in Nussbaum 022. 

Jones, Elwood and Compson, along with Brent Gerig, infrastructure systems analysts, Scott Wohlfarth and Brad Whatley, database and systems admin, Dan Gerhart, manager of user services and Mark Lora, senior director of strategic analytic insight, designed a spreadsheet to track areas of the system that had been impacted.

“We pretty much lived there,” Jones said. “We went home to sleep. We ordered food … And we just sort of brought in a whole bunch of people, and we just worked and worked and worked at this — right through that weekend, right through the next week, and we were going pretty straight for a couple of weeks.” 

Thanks to the fail-safes previously established by the IT team, the university was able to recover almost 100% of the data from their backup systems. Most of the infrastructure was restored within a couple of business days; the full restoration process was completed a week or two after the attack.

During their investigation, the forensics team also found that close to 1 million unique data files were taken from the file server and university computers.

Taylor has since hired a data mining company to evaluate the missing files; though they are already weeks into this evaluation, Jones estimates that a full report on the missing data will not be ready until early October.

If the missing data contains personally identifiable information, the university will alert individuals impacted by the incident and inform them of next steps. Jones emphasizes that, up to this point, there has been no evidence that data of this nature was leaked during the cyberattack.

Forensic data has not identified the origin of the cyberattack or the specific threat actor involved. However, there is no indication that the threat came from the inside or was tailored to the university.

“There's a name of the group that they call themselves, which we're not publicly discussing at this point, but we don’t (know) beyond that,” Jones said.

Moving forward, the IT team has implemented a number of changes to strengthen the system’s defenses. These changes involve layering multiple partners and defenses on top of the systems previously in place.

Multi-factor authentication for university employees has been emphasized, and a full audit of active accounts has been conducted. A new software defense system called SentinelOne is now deployed on all Taylor-owned devices, and the university is partnering with Arete, a global cyber risk company that will monitor Taylor’s systems around the clock.

“If anything malicious starts to happen, they actually can go in and kill a process or even quarantine a computer completely off the network — or they can call us at two in the morning,” Jones said.

Additionally, the university is working with Branch Network Consulting, a local company helping to monitor the university's system logs.

As more changes are made in the coming months to better protect the community, Compson emphasizes the importance of communication — encouraging community members to practice discernment and to alert IT if anything seems suspicious.

Questions and concerns can be emailed to helpdesk@taylor.edu or taken directly to the IT Help Desk in Zondervan library.

“We're trying to make sure that people understand it's not a safe world out there,” Elwood said. “And we want to protect them as best as we possibly can. But we also need them to protect themselves.”
