Cybersecurity Threats at MIT

Think about the types of information that you handle in your role at MIT. Do you use or store any information that could be considered sensitive in certain circumstances? What would happen if that information was modified without your knowledge, disclosed to the wrong people, or destroyed with no method of recovery?

Your Computer is a Resource

Even computers that don’t appear to have any valuable information can be attractive targets. Compromised computers and other devices can be used as a foothold allowing attackers to spread through the network. Networked devices in MIT's public IP space are constantly under attack from devices across the globe. Most remote attacks are undetectable to the end user and once access to a device on the network is obtained, sophisticated attackers use techniques to maintain persistence. This allows them to return over time to siphon off information, collect credentials, discover other vulnerable devices on the MIT network, and launch attacks on other networks. 

What happens after a breach?

Depending on the type of information exposed, MIT may be required to notify both the affected individuals and parties such as the Massachusetts Attorney General. For some types of information, the Institute may face financial penalties. MIT community members who have mishandled export-controlled information could even face criminal penalties.