By Dr. Kandis Boyd Wyatt
Faculty Member, Transportation and Logistics
Malware, hacking, and ransomware — these have all been reported as national concerns in recent weeks.
Hacking has evolved from teenage mischief into a billion-dollar growth business. Hackers have established a criminal infrastructure that develops and sells turnkey hacking tools to would-be crooks with less sophisticated technical skills. So, it’s important to understand why cybersecurity is critical and its main problems:
- Malware – is a blending of two words, malicious and software. Malware is defined as software that is intentionally designed to damage or cause harm to a computer, network, or server.
- Hacking– is the criminal act of using social engineering and software for hijacking, using Trojans, and deploying viruses.
- Ransomware – when hackers require a fee to be paid before computer systems control is returned to the company or individual that rightfully owns them.
Cybersecurity experts are needed to protect critical infrastructures such as financial services, health system records and services, utility services, and water supplies. Recent reports of hacking of U.S. meat and gas line companies underscore the need to expand cybersecurity efforts.
Financial Services Are at the Heart of Our Global Economy
Financial services are at the heart of our global economy. It’s safe to say cybercrime is a major risk to the banking system. In 2019, Jamie Dimon, CEO of J.P. Morgan Chase & Co stated that “Cyberattacks may very well be the biggest threat to the U.S. financial system.”
Precluding cybersecurity attacks requires installing multi-factor authentication and integrating tools that can provide checks and balances on digital money or data transfers. The key factor involved in these checks lies in determining whether employees attempting to move the funds are who they say they are or whether they have legitimate reasons for conducting transfers.
When it comes to cybersecurity, we learn by experience. In other words, most companies learn about cybersecurity after they’ve experienced an attack. Kevin Fu, acting director of medical device cybersecurity at the Food and Drug Administration’s Center for Devices and Radiological Health, warned last month that cyber threats to the healthcare and MedTech industries, including ransomware and other malware, are growing in sophistication, potentially putting patient safety at risk. Fu said, “Everything is hackable,” noting that medical devices infected by ransomware can be disrupted from properly performing critical clinical functions, which could lead to patient harm.
International Health and Utility Sectors Have Not Been Spared Hacking Attacks
The international health sector has not been spared either. In Ireland, a $20 million dollar ransomware attack on the Health Service Executive (HSE), the state-funded healthcare provider, led to a multi-week shutdown of most of its computer systems. The attackers threatened to release stolen data, including confidential patient records unless the HSE paid a $20 million (€16.5m) ransom.
Cybersecurity challenges extend into the utility field as well. A survey conducted by the Water Information Sharing and Analysis Center (Water-ISAC) and the Water Sector Coordinating Council stated that many utilities are “subject to economic disadvantages typical of rural and urban communities. Others do not have access to a cybersecurity workforce. Operating in the background is that these utilities are struggling to maintain and replace infrastructure, maintain revenues while addressing issues of affordability, and comply with safe and clean water regulations.”
Cybersecurity Water Supplies Threats Can Greatly Affect Large Populations
Water is essential for life and cybersecurity efforts to protect water supplies can greatly affect large populations. Cybersecurity threats can range from intentional contamination, theft, assault, threats sabotage, tampering, and surveillance.
“Of the hundreds of treatment plants that responded to the WaterISAC survey, only four organizations confirmed a breach of their IT or OT systems in the past year, while dozens responded they were ‘not sure’ if they had experienced an incident.”
According to WaterISAC, there are 15 main factors to consider when it comes to cybersecurity and water. The most notable include: performing asset inventories, minimizing control system exposure, addressing insider threats, and securing the supply chain. The EPA also recommends cyber resilience resources to develop cybersecurity best practices for the water sector.
In addition, the EPA has stated that cyberattacks on water or wastewater utility enterprises or process control systems can cause significant harm and compromise their ability to provide clean and safe water to customers. In addition, cyberattacks erode customer confidence and can result in financial and legal liabilities.
The Pandemic Opened New Hacking Opportunities against Secure Devices
According to the Dayton Daily News, the pandemic opened new hacking opportunities when companies sent employees to work from home where equipment was less secure than in the office. And as remote employees became more reliant on email, their equipment became a common entry point for cyber intruders. In addition, as more employees were working from home their personal devices became an increased security concern.
Prevention Is Both an Individual Responsibility and a Corporate Responsibility
Julie Haney is a computer scientist and head of the Usable Cybersecurity Program at the National Institute of Standards and Technology (NIST). She stressed that prevention is both an individual responsibility and a corporate responsibility. “So, from an individual perspective, strive to engage in security-minded practices no matter where you are or what you’re doing. From an organizational perspective, in addition to addressing topics related to secure work habits, one of the trends we’re seeing in institutional security awareness training is providing information employees can use in their personal lives and take home to their families.”
According to KOMONews reporter Suzanne Phan, cybersecurity prevention suggestions include:
- Scan for vulnerabilities: If possible, scan all devices before they return to the network
- Quarantine devices returning to the corporate network: Only allow devices access if they’ve been validated as secure.
- Educate employees on best practices, as well as threats like targeted phishing attacks.
Cybersecurity experts have told WBIR in Knoxville, Tennessee, that they need more people in their field as technology expands its reach. To that end, a local community college is training future professionals.
APUS Offers Several Cybersecurity Degree Programs
American Military University and American Public University offer a variety of graduate and undergraduate programs that include cutting-edge advances in cybersecurity. In addition, students can choose from multidisciplinary degrees, concentrations, and certificate programs related to cyber defense, information security, information assurance, cybersecurity, national security, and digital forensics.
The National Security Agency (NSA) and the Department of Homeland Security (DHS) have designated APUS as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE).
AMU offers a broad array of online degree and certificate programs, including bachelor’s and master’s degrees in cybersecurity, information systems and information technology with concentrations in information assurance or digital forensics. Undergraduate certificates include cybercrime, digital forensics and information security planning.
Prospective students seeking information about cybersecurity education should contact the university’s admissions team to learn more about the cybersecurity program.