cm67_hacker

by Kym Byrnes

An estimated “tens of millions” of customers of Anthem, the country’s second largest health insurance company, had personal information, including addresses, social security numbers, employment information and emails stolen in a cyber security breach.

Twitter, the Wall Street Journal, New York Times and the Department of Energy reported in 2013 that their computer systems had been breached.

In October 2012, Defense Secretary Leon Panetta stated that, “a cyber-attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11 … such a destructive cyber terrorist attack could paralyze the nation.”

Every day, with the swipe of a credit card, the click of email send button or the upload of personal information on a social media site, we are hurling our private and confidential information out into the cyber abyss where thieves are lurking.

“Technology is more accessible to more people now. [Hackers] can do damage from half way around the world with very little money. They just need knowledge and a connection,” said Matt Day, Director of the Cyber Technology Program at Carroll Community College.

Cyber-attacks often include viruses, worms, Trojan horses, phishing, denial of service attacks, unauthorized attacks (stealing data or confidential information) and control system attacks. Hackers are the people that employ malicious software and other systems to gain unauthorized access to a computer or network resource.

According to experts, companies are constantly working to keep their systems secure, which often requires spending a significant amount of money on manpower and technology.

One in five small businesses will fall victim to cyber-crime each year, and that number is growing, according to Timothy Niles, president of Westminster-based Technology Support Services, Inc.  It’s not the loss of cash that hurts a business when its systems have been hacked, it’s the reputation damage, loss of clients, class action lawsuits, legal fees, compliance lawsuits, costs to replace damaged or lost data and downtime.

“It’s going to get worse as mobile computing increases,” Niles said. “I mean, who would have thought an HVAC computer could cause a credit card system breach.”

In late 2013, retail giant Target had a cyber security breach that experts believe stemmed from a third party HVAC vendor. Sources reported that the attackers gained access to Target’s computer system through the third party vendor and were able to successfully upload their malware to a small number of cash registers within Target stores. The malware collected credit card information. It is estimated that between 70 million and 110 million people had information compromised in the data breach.

“Every person and every business is vulnerable as we are now in a connected society,” Niles said. “The key is education and simple protections to start.”

Keeping networks secure is going to be an ongoing battle as long as we are living in a cyber-centric world, according to Day. He said the government is putting more emphasis and resources into cyber security, and said he sees more and more industry standards being put into place when it comes to staying ahead of hackers.

“Nursing is standardized, meaning a nurse at one hospital should have the same protocols and practices for treating people as they would have at a different location,” Day said. “We’re moving in that direction, standards that organizations have to meet to make sure they are in compliance.”

Day said another part of the conversation has to be determining what the federal government’s role is in protecting people and businesses against cyber-attacks.

“Does the federal government have some responsibility to help Sony, or does the company have to do it on their own?” Day asked. “Who is going to lead? Is the federal government going to set standards and require corporations to comply, or are companies going to have to work together to share standards on how they’re protecting themselves?”

According to whitehouse.gov, the Comprehensive National Cybersecurity Initiative was put in place in 2009 to “help secure the United States in cyberspace.” The plan consists of a number of initiatives to strengthen government capabilities in the cyber arena, as well as working with private sector companies in research and development of better, faster, stronger and more sophisticated systems.

Carroll County State’s Attorney Brian DeLeonardo said his office has several initiatives to educate Carroll County residents about cyber crime.

DeLeonardo said his office has been presenting information to senior centers in the county to help educate people on senior financial exploitation and how to avoid being a victim of email/Internet fraud. He said the two presentations they have done at senior centers have been well attended and received.

“We are also doing education programs on issues of ‘sexting’ and other Internet dangers, as well as Internet safety concerns,” DeLeonardo said. “With the cellphone being a ‘mini computer’ now, the cell phone safety issue is most predominant.”

DeLeonardo said his office doesn’t typically deal with “hacking” issues, except occasionally in relation to fraudulent access to someone’s information and sometimes in harassing/stalking issues.

Carroll Community College’s Cyber Security Program

Day spent the first part of his career in corporate IT doing network administration. Eight years ago he took his expertise to the classroom and started teaching at Carroll Community College, where he has been instrumental in building a cyber security degree program. The program, which launched this fall with 28 students, received funding from the U.S. Department of Labor.

According to Day, the Department of Labor created a $14.9 million grant for community colleges across the state to conceptualize and implement cyber security degree programs. The programs are meant to be interchangeable so that a student attending one community college could easy move and transfer credits to a similar program at another community college.

Carroll Community College will receive just under $1 million over the next two years to invest in the infrastructure and equipment needed for such a technical and innovative program. After that, the school will have to maintain the program’s funding.

“The goal is to prepare students so they are ready to enter the workforce in this field,” Day said. “Our program is unique in that we have built it with a lot of on ramps and off ramps. We have some students who have no background whatsoever in the field and others who have already worked in the field.”

The program offers a three-point approach. First, students will earn a two-year degree. Second, they will have the opportunity to earn certifications, such as CISCO and Microsoft certifications, that align with their degree. And third, students will work closely with a career navigator throughout their time in the program to help them line up internships and jobs.

“Our goal is that when they graduate, they have a degree, relevant certifications and hands-on, out-of-the-classroom work experience in the field,” Day said. “The only thing we haven’t provided them with in the cyber security sense is clearance.”

The program is fast-paced and very aggressive, Day said.

“Taking a student from having no background to being proficient in this field is hard to do,” Day said. “It’s even harder when technology is evolving so fast.”

cm67_hacker_credit

Tim Niles, president of Westminster-based Technology Support Services, Inc., said individuals are more likely to be affected by cyber-crimes related to credit card fraud  and through emails from bogus sources that quietly plant malware in their systems to track and steal private information. Niles said many people don’t even adhere to the most basic security measures to keep themselves safe. He recommends the following to help people secure information:

  • Turn on the firewall on your PC and your home cable modem.
  • Back up your data. Do it often and, if possible, make it automatic. The tools are affordable and available.
  • Make sure you have good and updated antivirus/antimalware software installed. Some companies update their security software every hour. 
  • Don’t send any personal information (credit card, account number, bank numbers) via email, ever. 
  • Make sure you have a good antispam filter for your email. Remember, free isn’t free when you’ve been hacked. 
  • Make sure your computer is updated. Often, updates include closing security holes that hackers know about. 
  • You must have a password that is complex. Do not use “password” as your password. Use numbers, letters, upper case, lower case and special characters. We all hate them, but they are a wonderful protection.
  • Change the default password on your internet router, WiFi access point, etc. Thieves know the defaults. 
  • Monitor children’s use of the computer, not just for inappropriate material but to ensure they are not using programs and visiting sites or downloading material that will put your computer at risk. 
  • Don’t plug USB keys into your computer if you don’t know the source. They can contain viruses or programs that will infect or possibly destroy your computer.