
Cybersecurity spotlight: Meet the engineer defending Sun Devils’ data

Have you ever wondered who protects your information during a data breach, responding in real time to prevent Sun Devils from falling victim to cyber threats? As part of National Cybersecurity Awareness Month, ASU Enterprise Technology is highlighting the invaluable contributions of security engineers and other IT professionals whose diligent efforts protect our data from evolving digital threats.

These experts include Senior Cybersecurity Operations Engineers like Bri Mascheri, who has been with the Enterprise Technology Security Operations Center for a year and a half. 

 

Coming from a background in the defense industry, including the armed forces and defense partners, Mascheri noted fewer women in technology than men — especially in a male-dominated military environment. She eventually transitioned to higher education, joining ASU’s Blue Team, which protects the university from threats impacting higher education.

 

Mascheri’s day typically involves handling escalations of priority cases, updating and developing training resources for the team, and deploying new toolsets and alerts that further protect ASU employees and students. Whether responding to an internal or third-party breach, ASU leverages federal response phases for cybersecurity incidents: detection, analysis, containment, eradication and recovery. 

 

In celebration of National Cybersecurity Awareness Month, Mascheri shares her insights on best practices, emerging threats, safeguarding sensitive data and new tools to simplify the process.

 

Question: What is the landscape of cybersecurity at a university?

Answer: We have a constant influx of learners. The university regularly accepts new community members and retains old ones, with the population shifting every 4-8 years as people complete their education. While some industries focus solely on a single data type, such as credit card transactions, Institutions of Higher Education have access to many different types of data, which makes us a target for threat actors. 

We see attempts to fraudulently obtain sensitive information from our many students, faculty, and staff, highlighting the need for individuals to pause and carefully consider the emails they receive and the websites they visit. Entering a password into an unfamiliar website or downloading an unknown file can provide unprecedented access to valuable data.

Q: What is the landscape of cybersecurity threats that we want people to be mindful of now?

A: Phishing investigations dominate the cybersecurity landscape — they are our most-worked category. By and large, our most common phishing email is a specific threat dubbed “SocGholish,” a pesky pop-up that says your browser is due for an update, but it turns out to be a malware package.


When fielding digital communications for phishing and other hacking attempts, it’s important to ask yourself: where is your presence? Pause, slow down and reflect on an email, phone call or text message. Does the message prompt me to do something with urgency? Does it make sense that this person is contacting me? 

 

With so many demands on our time, it’s natural to push ahead, but if something feels amiss, it’s essential to step back and take a moment to reassess. The pause can be the difference between keeping your data secure and falling for an online threat. 

 

Q: These threats often seem legitimate or convincing. What tip-offs should folks be looking out for?

A: SocGholish is unique in that it often takes over legitimate websites for a short period, and it may even have been a website you visited in the past, so everything “looks alright” on the surface. Be on the lookout for anything pressuring you to update your browser. For example, a flashing pop-up threatening that your browser is outdated, asking you to download a file with an extension of .zip or .js, is a strong sign that you’re looking at illegitimate malware rather than a necessary security update.

Q: The “biggest tech outage” occurred this year: CrowdStrike. What was it like experiencing and addressing this threat in real time?

A: Endpoint management and Deskside teams helped those directly affected by the massive CrowdStrike outage, and they should get a huge shout-out. Meanwhile, on the Security Operations side, we were responding to threat actors who took advantage of the incident very quickly — dozens of new websites were spun up and sent out via phishing emails by bad actors claiming to offer fixes for the “blue screen of death” that actually distributed malware. Our job was to monitor these additional attacks and mitigate their impact on the university.

 

Q: Two new data tools are available on ASU’s Get Protected: The Data Storage Selector and the Data Classification Tool. How do they assist the community?

A: The Data Classification Tool uses yes-or-no questions to classify data and guide users on proper management and handling based on applicable regulations. Then, users can use that classification to visit the Data Storage Selector to find compliant storage options for that data. 
 

The goal of putting these resources into a web tool was to make them more accessible to the larger ASU community, particularly for employee use cases. This way, anyone — from teaching faculty to facilities staff — can easily access these tools and find value. For example, someone who manages building plans may ask, “Is the data I handle day-to-day considered sensitive information?” By using the tools on GetProtected to understand the classification of the data you work with, you can approach that data with greater confidence.

 

Q: We asked each expert to provide a practical tip. Check out Mascheri’s response below: