Tag: Cybersecurity

Cybersecurity trends for 2020?

Advertisements
Photo by vipul uthaiah

What are the top cybersecurity threats and trends you should watch out for in 2020?

Tulane University expert Joseph Dalessandro predicts hackers will continue to focus on what works best and augment it with new and novel methods of attack.

Joseph Dalessandro, an expert and professor in information technology in Tulane University’s School of Professional Advancement, breaks down the top cybersecurity threats and trends in 2020.

Advertisements

Dalessandro predicts hackers will continue to focus on what works best and augment it with new and novel methods of attack. Here are his top five cybersecurity trends to watch in 2020. 

  1. The cybercriminal has become a mainstream occupation, and America is finally waking up to this fact, even though many countries have known this for several years. Many Americans wake up each day, dress and head off to work. Cybercriminals are no different. Around the world, these individuals do the same thing. They head off to an office where they spend all day trying to steal data and find ways to access bank accounts. It is now a “regular” job in some countries, including the U.S., and is currently very profitable employment. This trend will continue to grow and become more accepted in the future. This will impact new areas that have not previously had cybersecurity problems. 
  2. Phishing and whaling will reach the next level. Phishing is when criminals use fraudulent emails in an attempt to steal usernames and passwords or to plant a virus or ransomware on computers. Whaling is the same thing, except the target is a specific executive or executive type or business owner. Criminals are targeting specific emails because it is one of the most common forms of business and personal communication. Malicious emails are very successful, and criminals are well-versed with what to say, how to follow-up, and in some cases, have 800 numbers for these victims to call. 
Advertisements

Some statistics to know about this trend:     

  • 48% of all malicious email attachments are Microsoft Office files (Word, Excel, PowerPoint)
  • Top 5 scams in order: bill notices, email delivery failure, package delivery, legal/law enforcement, scanned document.
  • 55% of email is spam (and potentially dangerous)
Advertisements
Advertisements
  1. Connected devices (watches, wearables, appliances, toys, cameras, smart home automation) will continue to present both opportunities for businesses and problems for businesses and consumers. Twenty years ago, I had high-speed (1.5 Mbps at the time) bandwidth in my home, and I had a total of three devices connected: a laptop personal computer and two servers.  I controlled everything, and security was tight, and I still had problems. Today I do not run a business from my home, and my bandwidth speed averages 30Mbps and I now have 19 devices connected at all times, most of which I have little or no control over. Many businesses are no different. This increased attack surface will present more significant problems in 2020 with attackers looking to leverage these in-home aids, medical devices and smart-home appliances to steal data
  2. Website attacks. The No. 1 attack method is still SQLi (pronounced Sequel-injection or S-Q-L-i). SQLi recently reached a milestone, celebrating a successful 20 years of existence. It is a sad commentary on cybersecurity. Website attacks will continue to rise in 2020 because they still work. Criminals are nothing if not consistent. If it works, they use it and rely on it.
  3. Cryptocurrency will continue to grow with more “regular” people moving toward cryptocurrency use in 2020.  We will hear more about Bitcoin and Libra (Facebook’s cryptocurrency) and other “stablecoin” (backed by what we today call “real assets”) players in 2020 with more mainstream acceptability.  This will present opportunities for both consumers and criminals.
Advertisements

Protecting data, recruiting students to cybersecurity

Advertisements
Cyber Defense Competitions are one of the events Doug Jacobson is using to attract students to cybersecurity studies and careers.

AMES, Iowa – Well, Doug Jacobson acknowledged, the Cyber Defense Competitions at Iowa State University aren’t exactly lessons from a software manual. 

Advertisements

“They’re a party,” said Jacobson, a University Professor of electrical and computer engineering, the director of Iowa State’s Information Assurance Center and the holder of three degrees from Iowa State. “They’re a two-day party. There’s food. It’s loud. Students are all together. And it’s chaotic.” 

It’s also challenging. 

The latest version of the campus cybersecurity experience, contested on Oct. 12, asked Iowa State students to protect the computer servers and applications of the “Chris and Doug Construction Co.” 

Students worked to protect the company’s information, electronically monitor the company’s cranes and other equipment, take care of the time clock application and run the company’s website. 

Advertisements

All the while, attackers tried to bring the systems down.

And these attackers were motivated: “Our next client has caught some flak from internet forums for its recent work on data analysis and has been receiving large amounts of attacks on its infrastructure,” said the contest’s written scenario. “As such, we need to make sure we are up to spec and protected before we move equipment over and get set up.” 

Setting up the construction company’s information systems and protecting them for eight hours was a unique experience for students. 

The competitions really offer students a “moment,” said Nate Evans, an Iowa State graduate – undergrad and doctorate – a former Cyber Defense Competition director when he was a student, and the current cybersecurity program manager at the U.S. Department of Energy’s Argonne National Laboratory near Chicago and lead developer of Argonne’s own Cyber Defense Competition. 

Evans believes a few special, hands-on moments can inspire and influence students. 

“The excitement of defending in a Cyber Defense Competition,” he said, “is a moment that gets students excited about working in cybersecurity.” 

Reaching thousands

Jacobson launched Iowa State’s Cyber Defense Competitions in 2005 – “That was an era when people didn’t know about cybersecurity” – after learning how the military was running information-security exercises. He decided to make the contests a little more fun and, to date, nearly 2,000 Iowa State students have competed in 20 contests.

(Another 1,588 Iowa high school students, 967 community college students and 918 students from Midwestern colleges and universities have also participated in contests at Iowa State.) 

And, the best estimate says Jacobson’s tradition of making breakfast on contest Saturdays has resulted in about 15,000 pancakes.

Why go to all the trouble? 

First, Jacobson said, the competitions are great for teaching and learning.

“Learning how to detect, mitigate and report attacks in real time and under pressure – I can’t lecture on that skill,” he said. 

Second, they’re a great way to introduce students to real jobs in cybersecurity. That includes introductions to industry professionals who often come to campus to play the role of the competitions’ hackers. 

Because of headlines about cybersecurity failures, “students now know what cybersecurity is,” Jacobson said. “But they don’t know what it is from a career perspective.” 

Advertisements

Learning at the cyberparty

With nearly 2,200 students, Waukee High School just west of Des Moines is the second largest high school in the state. 

It has a HyperStream Technology Club that has had as many as 80 students. It has an APEX Program offering work-based learning opportunities for 600-plus students interested in business or technology. 

But, even with its size and resources, it’s not able to offer a cybersecurity curriculum. 

And so the district has turned to the programs Jacobson and his team have developed. Schools across the state are offered a year-long curriculum – including books, videos and access to faculty. Plus, there are trips to campus for Cyber Defense Competitions and IT-Olympics. 

“The competitions are where students get hands-on experience with cybersecurity,” said Michelle Hill, the director of Waukee High School’s APEX Program and adviser to the technology club. “They’re also able to meet with business partners who do that for a living. That is so valuable to students.”

Plus, there are opportunities to visit a research university, listen to expert speakers, win scholarships and, for girls, be inspired by the success stories of women in the field. 

“I wouldn’t miss it,” Hill said. 

That’s another reason he’s doing these outreach programs, Jacobson said. 

Yes, of course, he has other things to do. There are research projects to manage, such as the $3.5 million Internet-Scale Event and Attack Generation Environment he developed to study cyber defense. There’s also helping with Iowa State’s new major in cyber security engineering. 

But he’s at the Cyber Defense Competitions on several Fridays and Saturdays a semester, flipping pancakes, talking to students, visiting with corporate partners and making sure everything is on track. 

“This has a great impact – on society and on the students we bring in,” Jacobson said. 

Besides, it’s still a party with a purpose: “It’s just as much of an educational component as a competitive one,” he said. “I hate to use the word competitions. We want it to be fun.

“We’re an intramural sport.”