Growing dependence on technology elevates need for heightened cybersecurity measures
The White House advisory served as another reminder of how cybersecurity has developed into a concern for a nation and world so dependent on technology.
The statistics can be jarring. Earlier this year, the California-based Identity Theft Resource Center presented their findings about data breach trends. In 2021, there was a 68% spike in data compromises last year over 2020. Moreover, ransomware attacks have doubled during the past two years.
As cybersecurity threats persist, Northwest Indiana industry professionals and observers are speaking out on the changes they have seen, what is being done to enhance cybersecurity and what should be taught today to defend against the next generation of attacks.
Olatunde Abiona, an associate professor at Indiana University Northwest, teaches about security in the school’s Computer Information Systems Department. He said there is a common starting point in cybersecurity.
“The basic knowledge that you need to have in security is how does an attacker launch an attack, and in case you are being attacked, how do you defend against it,” he said.
Abiona describes how attacks have changed over time.
“In the early days, an attacker tried to use things like viruses and other things that required some action to trap you,” he said. “Nowadays you have drive-by attacks where you do not have to plug in something to get attacked.”
Evolving situations
Brian Bakkila, the IT division sales operations manager for Grand Rapids, Michigan-based Applied Imaging, which acquired two Indiana businesses last year, offered a similar observation regarding ransomware.
“About a decade ago, we saw our very first client have that sort of a breach where data was encrypted, and we had to rely on backups to recover data in a massive way,” Bakkila said. “That is a threat that continued to evolve and how that evolves has changed a lot in those 10 years.”
This type of attack is not an issue that shows any signs of easing, Bakkila noted.
“We have moved from an ‘if’ to ‘when’ something happens at this point,” he said. “The scope of what happens can be limited by how you are protecting and how you are detecting. But the reality is we are seeing so much more activity.”
What was already a complex situation for IT personnel took on a new dimension in March 2020 as the coronavirus pandemic forced employees to largely work from their homes.
Ron Hulett, project manager / IT operations manager at Elkhart’s U.S. Business Systems Inc., a regional services and support organization, recalled how his team created secured connections that allowed employees to work away from the office.
Yet soon they were dealing with a ransomware attack.
“They decided it was more convenient to go in through a nonsecure (connection) and boom, they got nailed,” Hulett remembered. “It is those situations where they are thinking ‘I can do this because it is more convenient and saves me time,’ and it turns out to be an enormous cost for the business.”
Taking notice
Cybersecurity is a critical component of today’s higher education world as WGU Indiana Chancellor Alison Bell spoke about the specific challenges academic institutions face.
“Universities have to be careful about protecting their federal privacy laws that protect sensitive information,” Bell said. “We have to have the appropriate firewalls in place that protect student information that is being shared among and between people who are helping and supporting those students.”
Bell said a whole team at the university is dedicated to protecting both student and staff information, and one of their charges is to educate people on how phishing scams get through, acknowledging she recently fell victim to one.
“Folks who are behind phishing scams like to target universities particularly because there is access to so much sensitive material that they can leverage and use to their advantage,” Bell said.
Purdue University Northwest in April announced it will begin offering a Bachelor of Science in cybersecurity at the start of its 2022-2023 academic year.
Since 2014, the U.S. Department of Homeland Security and the National Security Agency have jointly designated PNW as a National Centers of Academic Excellence in Cybersecurity school for its computer information technology program. This designation signifies the strength of PNW’s cybersecurity curriculum and its status as one of only several institutions in Indiana with this recognition. It offers four-year in-person cybersecurity education, college representatives said.
“Cybersecurity is important because we are living in a connected world,” said Keyuan Jiang, professor of computer information technology and department chair of computer information technology and graphics at PNW. “Everything we create technologically will not be perfect, but we can try to minimize the vulnerabilities.”
He said everyone will be impacted by the need for better cybersecurity one way or another.
“We need to have a strong workforce in place to make sure things won’t happen as severely as we’ve experienced in the past,” Jiang said. “Cybersecurity incidents are shown to have huge costs.”
As colleges and universities must protect their sensitive data, so do private corporations. Technology firms are often retained in these cases.
Bakkila said customers are cautioned what to expect.
“There is no magic bullet in this space,” he said. “It takes multiple different strategies to make sure what you have identified for the client that is important to them, and you are successfully following the rest of that.”
Preparation counts
Hulett said his firm doesn’t take on clients unless they are willing to allow his firm to provide appropriate digital security measures.
“I don’t want to be responsible for their data if they don’t let us do our job,” Hulett said.
Yet when he finds companies willing to make the commitment to beef up their cyber defenses, Hulett advocates for many options, including the retention of a managed service provider.
“You need people (who) are specialized, who are looking at it every day, and don’t get caught up in the daily grind of all the things that keep business owners (busy) to keep profits up or drive revenues,” Hulett said.
Hulett said cyber defense often starts with email. He suggests steps such as putting labels on incoming messages warning employees to proceed with caution and provide education.
“Make sure you know what you are doing here when you click on something,” Hulett said.
He also calls for the implementation of two-factor identification, conceding it can be cumbersome.
“The inconvenience of dealing with multi-factor is much outweighed by the benefits of doing so,” he said. “We’ve enforced that on anything and everything that we possibly can. We encourage our customers to do the same.”
He also calls for the use of password vaults.
“It is very convenient to have to remember one 18-character password instead of 75 of them,” he said. “Then making sure we are closing down and getting out of these things before we close down at night.”
Bakkila added, while threats are constantly emerging, the opportunities are out there to deal with attackers.
“There are plenty of very affordable vulnerability assessment tools that can measure against well-known published vulnerabilities and document them in your environment to make you aware of them as they emerge,” he said.
Bakkila also sees an uptick in companies willing to invest in their cyber defense needs.
“That gives me some hope that businesses are better aligning with the threats that exist out there,” he said.
Hulett said cyber defense tools have gotten better and are more effective and more efficient.
“There is a lot more information out there that is easily and readily available for people to internalize what you give them in a presentation, and they can ratify it in their own mind,” Hulett said. “That has been a big plus as awareness has increased quite a bit.”
Referring to the international dangers — such as the recent warning about Russian interference — Bakkila said companies must be aware of situations but cannot allow them to serve as a distraction.
“That has always been something that has been out there, but unfortunately right now, that international threat is causing some organizations to not invest correctly in what could be not only stateside threats but actually internal threats,” he said. “It has shifted some of the focus for organizations away from thinking about how they protect their data internally to now they are more worried about what is out there as opposed to what they are doing internally.”
At the academic level, today’s students are being prepared for the next generation of cyber threats.
“I talk to them about the need to pay attention to what is going on in the news,” Abiona said.
Then he tells them they must be prepared.
“You might not be the one being attacked today, but tomorrow it could be you,” he said.
WGU’s Bell said, with greater attention being paid to cybersecurity, postings for IT-related jobs have increased by 190%.
“I think part of our job as educators is to help prospective students who are considering what direction to go to see IT as an area of opportunity,” Bell said.
The field will fuel job opportunities for generations to come, because all parties agree that, while defenses will improve, new attack methods are certainly on their way.
Hulett believes developing new defenses against cyberattacks are essential.
“It is going to be an ongoing battle,” he said. “Between the dark side and the light side.”
Managing Editor Larry Avila contributed to this story.
Click here to read more from the June-July 2022 issue of Northwest Indiana Business Magazine.
