Story by Rick Vacek
Photos by David Kadlubowski
GCU News Bureau
As a panel of experts Thursday morning explained the complexities and out-and-out terror of the world’s cybersecurity battle, Grand Canyon University senior Crystal Wake knew one thing for sure: She and her fellow students are being taught these concepts … like, every day.
Asked how the panelists’ opinions align with her classwork, the information technologies major’s face lit up.
One hundred percent,” she said. “It aligns almost exactly, whether you’re talking about the assignments or what comes with a class.”
Among the panelists for the AZ TechTalk event on the fourth floor of the Library was Dr. Heather Monthie, Associate Dean of the College of Science, Engineering and Technology at GCU. She has made it her mission to make sure students have the right mindset for what might be the most important undertaking in the world in this century.
“What we’re essentially doing is we’re teaching the students how to think like the bad guy,” she said. “That’s really critical. If you can’t anticipate what the adversary is going to do, you can’t put in measures to try to prevent these kinds of things.
“You have to really be able to think a little bit differently and think creatively about how some of these technologies can be used for defense.”
There were many stunning statements in Thursday’s session, not the least of which is the fact that many hackers work regular business hours for companies with otherwise normal buildings, vacation plans and medical benefits.
After an hour and a half of listening to how nearly half of all businesses have been attacked and how not even biometrics are the answer to computer system security, you couldn’t be blamed if you decided to not go online ever again.
Except for the little problem that it has become a staple of modern life.
“If we give up convenience, we already have lost,” said Ori Eisen, founder and CEO of Trusona. “… If we give that up, we won’t know how to get home from here.”
The crowd laughed nervously, knowing all too well that GPS tracking has ended the need for printed-out directions. This was all about how our every movement, both in the car and on the computer, can be tracked – by legitimate businesses and by the “bad guys” as well.
“We have to think about the ways people are going to use it to do bad things,” Monthie said during the panel discussion.
And the challenge of those predictions is that they can be unpredictable. “It’s the art of defending from the unknown,” Eisen said.
That’s where education comes in. Monthie emphasized trying to think like hackers think, just as the police do the same with other criminals. Students are taught to think that way at GCU’s Cyber Center of Excellence, and it’s not hard to envision those same students soon going out into the business world to continue the fight.
“We have to adapt. We have to take advantage of the technology that comes from education,” said Sean Moshir, CEO and co-founder of CellTrust. “The most important thing I’ve seen in my life is the education of employees.”
He meant the cybersecurity education, or, as he put it, the end of the days when someone yelled down the hall, “Hey, Jimmy, what’s the administrative password?”
The discussion about passwords and other firewall protections was particularly interesting. The panel agreed that relying solely on passwords is as flimsy as “1234,” but even more stunning was their consensus that even biometrics can be hacked.
Part of the discussion centered on what a small company should do when the seemingly inevitable – a computer breach – happens.
“Most small companies don’t think they’re a target and are embarrassed,” said Dr. David Bolman, Provost and Chief Academic Officer, University of Advancing Technology and moderator of the panel.
Greg Schu has seen ransomware demands that ran into the millions of dollars. Greg Schu, a partner at BDO, said hackers who infiltrate a computer system with ransomware can demand payments from the thousands to the millions, and Eisen was adamant that those payments should never be made.
“Once you start paying,” he said, “you’re just feeding the beast.”
Bolman suggested that a hacked business owner’s first phone call should be to the FBI, but the panel also agreed that police and government authorities are playing a dangerous game of catch-up as they try to lasso the cybersecurity threat.
“I think you’ll see that at the federal and state level the laws will get tighter and tougher,” said Steve Zylstra, President and CEO of the Arizona Technology Council.
The panelists said they urge businesses to obtain cyber insurance, and Schu added that they should make sure their computer system contains only essential information. “Eliminate what you don’t need because that’s a big risk,” he said.
But protection starts at the personal level. No matter whether you’re on the computer at the office or at home, you have to limit your curiosity. That’s why Eisen starts his talks with a picture of a cat, as in, “Curiosity killed the cat.”
Monthie added, “When you get an email that says, ‘Look at what I found out about you on the internet,’ your natural inclination is to open it.”
But even if we’re hyper-careful, we’re still vulnerable.
Schu told the story of how he was having a conversation with his wife and daughter, and suddenly his daughter started getting messages for items related to the conversation.
Eisen talked of how his wife used to tell him that Facebook was listening to their conversations. He dismissed the idea until he discovered that the agreement we routinely click through when we sign up for Facebook includes permission to turn on the cellphone microphone and, yes, listen.
“We’re training developers, we’re training computer scientists, we’re training people who don’t traditionally think of themselves to be working in cybersecurity – they need to be thinking about these kinds of things,” Monthie said afterward. “Is it ethical? Does the user know about it?”
As if right on cue, the author of this story got a credit card security alert while the panel discussion was going on. It turned out to be legitimate – someone who had the credit card number had called the provider hoping to obtain another copy of the card.
Score one for the good guys … but it’s yet another example of the fight that figures to dominate headlines for years to come. And it makes you wonder yet again: How on earth did someone get that credit card number? For one simple reason:
“In the digital world, the entire world is across the hall,” Moshir said.
And it’s watching and listening. It will take an army of new recruits – such as the many GCU students going through their cybersecurity “boot camp” – to win the fight.
Contact Rick Vacek at (602) 639-8203 or [email protected].