Your online info is not secure
Cybersecurity experts say attacks are too numerous for fail-safe protection but that threats can be contained.
If you think your personal information is safe online, you’re probably fooling yourself.
And if you think cybersecurity experts can keep hackers and other bad actors out of your networks, whether work, social or financial, you’re about to read some scary news.
Those startling realities were just a couple of topics presented at a recent panel discussion on cybersecurity featuring academic and industry experts, hosted by Metropolitan State University of Denver and moderated by Computer Science Professor Steve Beaty, Ph.D.
“This notion that we have of privacy – it might just be quaint,” said retired U.S. Marine Corps Lt. Gen. Robert Schmidle, adviser on cyber capabilities and conflict studies at Arizona State University.
Financial companies faced an average of 983 cyberattacks per day in 2017, according to a report from Positive Technologies. The volume and frequency of attacks led Isaca, a nonprofit information-security advocacy group, to predict a global shortage of 2 million cybersecurity professionals by 2019, said MSU Denver President Janine Davidson, Ph.D., who opened the panel discussion.
Ironically, that means technology, to some degree, has taken us forward into the past.
“When your grandparents were using telephones, they had what was called a party line,” Schmidle said, referring to a type of landline that was shared within a community and enabled nosy neighbors to eavesdrop on conversations. “A lot of small towns, you pick up the phone, you were going to call somebody, you just knew that all your neighbors, especially if you were younger and they thought you were trying to find a suitable mate, they would all go down the line to listen to what you were talking about.
“You knew that, and what strikes me as interesting is the way some people really think that what they’re putting on the internet is actually secure. I mean, they actually believe that.”
The truth is that with so many attempted intrusions into networks, 100 percent security is akin to holding your plastic lunch container in front of a firehose and hoping your food stays dry. It turns out that breaches are somewhat commonplace but that security professionals are generally able to quarantine sensitive data before it’s compromised.
Panelist Brenden Smith, chief information security officer at FirstBank, said, “The reality is with what’s been going on in the industry is you’re never going to stop every single attack that comes in. You still need to be putting up good perimeter defenses and controls to make sure that you’re doing your best practice and due diligence around that. But it’s become more important that you are focused on your incident-response capabilities.”
Venkat Reddy, Ph.D., chancellor at the University of Colorado at Colorado Springs, echoed that, saying: “I think there’s a whole lot of entrepreneurism happening on the dark side in terms of how fast people are hacking, and we’re not able to keep up with it.”
That was never more evident than during the 2016 presidential election, when coordinated attacks directed from Russia and its allies placed false stories on numerous less-than-reputable news sites, and those untruths were spread widely via social media. That social-engineering dynamic is perhaps the most frightening aspect of hacking because it relies on human error as the weakest link in the system.
“What we ought to be thinking about is the narratives,” Schmidle said. “What’s happening is that the way the elections are being influenced, perhaps the most pernicious way in which their influence both here and overseas … is not through direct manipulation as much as it is through the manipulation of us.”
Thus, the best defense is education of all users, beginning with children who are vulnerable through networked video games, said panelist Jennifer Kurtz, information-security expert at Colorado-based Manufacturer’s Edge.
“I would love to see (security awareness) just threaded through the curriculum beginning in kindergarten,” she said, “to talk about cybersecurity and just help make people safer.”
Vital to that learning is continuing it through higher education. MSU Denver is offering for the first time this fall a Bachelor of Science in Cybersecurity and next fall plans to offer a master’s program. The curriculum for the bachelor’s program pulls in departments of Criminal Justice and Criminology, Computer Information Systems and Business Analytics, and Mathematical and Computer Sciences. Moreover, MSU Denver is collaborating with UCCS and Regis University on an idea-sharing consortium to battle the threat.
Schmidle emphasized the importance of raising a generation of critical thinkers who can be a stronger bulwark against making the kind of mistakes that allow cybercriminals into our networks and computers.
“So you get an email that looks just like it ought to and it’s from a company that’s called dot-mac.com, you really have to look to see that (it’s not a legitimate source),” he said. “So what do you do? What I do: You don’t recognize it? Delete it. If it’s really important, somebody will call.”
Just not on a party line.