The recent ransomware attack on Colonial Pipeline has highlighted the importance of cybersecurity on a national level. One of NWTC's experts, Molly Vollrath, shares her thoughts on how we, in Northeast Wisconsin, can protect our own privacy and online data.
Q: What is cybersecurity?
A: The definition used most often is from the Cybersecurity and Infrastructure Security Agency (CISA): "Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information." This means understanding how much of your personal information you have made easily available on your computer, smartphones, social media accounts, or online services, like banking. Cybersecurity is the practice of understanding the weaknesses in these devices, services, and the people who use them – then taking measures to protect yourself, as well as your privacy, from cyber-attacks.
Q: How are we at possible risk in Northeast Wisconsin?
A: First, when we think about risk, there are several different pieces cybersecurity analysts take into consideration when they look at risk and risk management.
- Threats: Part of risk is understanding the unknown threats used by cybercriminals to gain access to a system. Threats can include social engineering attacks (like phishing emails), malware, distributed denial of service (DDoS) attacks, and ransomware. Threats are the tools and techniques an attacker uses to get in. Cybercriminals are typically motivated by financial gain or political agendas to use these techniques to attack a person, group of people, or business.
- Vulnerability: In cybersecurity, a vulnerability refers to a weakness, flaw, or error that can be used by attackers to gain unauthorized access in a computer or network of computers. These can be things like out-of-date operating systems, software that has been programmed incorrectly, misconfigured firewalls, or even something as simple as not having machines with sensitive data in a secure physical location. Another way to think about vulnerabilities: they're like holes that can give an attacker a way into your system. The more holes there are, the higher the risk. Choosing to accept that your computer is running on Windows 7 and has access to the internet is accepting the risk that an attacker could discover your computer and exploit its out-of-date operating system. Keep in mind that there is a national database of known vulnerabilities available to everyone, including attackers.
- Consequence: The consequence is the actual harm or damages that occur as a result of a successful cyber-attack. An organization or person will incur both direct and indirect consequences as they remediate the problem an attacker caused. In the example of the Colonial Pipeline ransomware, a direct consequence was the need to shut down their systems to prevent the spread of the ransomware to other computers on their network. Indirect consequences were the price increase of gasoline and limited supply of gasoline because of the attack. The same works for a person who chooses to not use an updated anti-malware on their home computer. They accept the risk that they may lose all the data stored on their computer if they download malware unknowingly off the internet. When you acknowledge a risk and vulnerability in your computer or network, you must understand the consequences that could occur if it is left unchanged.
This means every person, computer, and business in Northeast Wisconsin is at risk. Cyber criminals are commonly acting from outside your geographical area, and anyone with an internet connection then becomes a possible target to be attacked. My favorite cybersecurity teacher, Ryan Van Scyoc, always says, "The only way to eliminate risk is to take all the computers off the network, shut them down, and destroy the hard drives." Given how technology is integrated into our daily lives and jobs, we must accept that risk. The more information you have available online, whether that be online banking information, pictures on Facebook, or even your Amazon account, the more risk you have. This is the same for a person or an organization.
Q: What are ways we can keep our data and privacy safe online?
A: The first step to keeping yourself safe online is recognizing your risks. Not everyone's risks are the same. Some attackers only target government agencies, while a person at home should be more concerned about phishing emails or clicking onto a dangerous website. Identifying what you can change in your online habits to improve your security is an important way to keep yourself safe. Also, look at your devices that use the internet, whether that be a smart phone, computer, or tablet. Make sure they are set up safely and only access the internet through your home network, private work network, or your phone hotspot. Never connect your device to any public Wi-Fi. Attackers can set up tools on public Wi-Fi to collect your data as it crosses to the internet. You can help minimize your risk both personally and in the workplace by following these best practices from CISA:
- Keep your software up-to-date. Install software patches (like Windows updates) so that attackers cannot take advantage of known software problems. If automatic updates are available, you should have them enabled.
- Run up-to-date antivirus software on every device you use to contact the internet. A trusted antivirus software is important to protect against known threats (such as types of viruses and already identified malware). Be sure to enable automatic updates to ensure maximum protection against the latest threats, as attackers develop new threats all the time. Installing antivirus on all your devices helps protect you everywhere too. A great example of this is Malwarebytes, a free anti-malware tool that can be installed on all your devices.
- Make stronger passwords. Select passwords that will be difficult for attackers to guess. For example, do not use words found in the pages of a dictionary; instead, choose random letters to create a password. Do not reuse the same password for multiple accounts (for example, don't make your Facebook account and password the same as your banking account). It is best to use long passwords that consist of at least 16 characters, capital letters, and special characters. Password managers like LastPass can make managing passwords more convenient and help you create stronger passwords. If an attacker can't guess your password, your accounts are safe.
- Implement multi-factor authentication (MFA) or two-factor authentication. Authentication is a process used to validate a user is who they say they are. Multi-factor authentication focuses on something you know, like a password, and something you have, such as a smart phone. Most personal email providers, online shopping businesses, and social media platforms offer multi-factor authentication. If it is an option, always enable multi-factor authentication.
- Be suspicious of all unexpected email sent to you. Phishing emails are currently one of the greatest risks to the average user. The goal of a phishing email is to gain information about you, steal from you, or install malware on your device to control it. In a lot of cyberattacks, this is how a cybercriminal gains access into an organization. Therefore, we need to be careful about viewing unexpected emails. Remember to never click on hyperlinks or open attachments in unexpected emails. If you were not expecting to receive it, it is best to not even open it and just delete it.
Q: Is there a need in our area for more information technology professionals to be trained in cybersecurity?
A: Absolutely. COVID has changed all businesses to a hybrid work environment, and cyberattacks have become more frequent and complex, and the number of targets has increased, since the start of the pandemic. With the cost to a company of dealing with a security breach continually on the rise (already in the millions), the need for skilled cybersecurity professionals in every business is growing tremendously. Cyber criminals are constantly working to develop new ways to gain access to networks. Their new techniques can go undetected by even the newest anti-malware software, so every business needs individuals who have the skills to detect malicious activity before it brings down an organization. According to the Bureau of Labor Statistics, the number of individuals employed within the cyber security sector is slated to grow by 31% between 2019 and 2029. That rate far exceeds the average for all occupations. Any business that uses the internet needs to then consider hiring a cybersecurity professional or paying a company that does cybersecurity consulting in order to keep up with how fast technology is changing.
Q: What do I need to know to get started in this program?
A: An individual who is considering pursuing cybersecurity should have a strong problem-solving mindset and attention to detail. You're taking a lot of small details in the traffic that happens on a network (an example of traffic would be a user sending an email) and looking for the needle in the haystack. Attackers use techniques to gain access into a system by trying to fool computers into thinking they're routine activities the machine normally does. It's being the kind of individual who can use strong logic and reasoning to determine what is legitimate and illegitimate. Something that attracts a person to pursuing any information technology degree is the want to keep learning and evolving. If you want to get started in information technology, you need to understand that continued education is lifelong because the field is so fast changing. What is up-to-date when you are a student quickly becomes outdated within a few years. Because of this, being an adaptable person as well as a fast learner is extremely important.
All that being said, one of the most rewarding pieces of this program is taking a strong foundational skill set provided by the teachers and being able to continually reapply those concepts to new technology. Learning the techniques hackers use to break into computers and being able to utilize that knowledge in a way that creates a strong cybersecurity policy for an organization is one of the most exciting pieces of pursuing a career in cybersecurity. I would highly recommend this program to a person who is looking for a challenge and finds satisfaction in solving difficult puzzles.
Find out more about how to get started in Cybersecurity at NWTC.