The general method of operation for cyber security is to test for vulnerabilities in systems and then improve them. To be proactive in cyber defense, the experts have to think like the attackers. This method is called “white hacking,” and it’s one of the tools used against possible attacks from individuals, businesses, “hacktivists” and even world governments.
Luckily for our state and our city, some of the brightest minds in the world have come together for the purpose of cyber security through the University of Florida’s Florida Institute for Cybersecurity Research. FICS Research was established in July 2015 through the University of Florida Preeminence Initiative. Along with at least two dozen other research areas, cyber security was identified as a critical area of focus of the initiative.
“Cyber security threats affect every single person, everywhere, every day,” said Steve Orlando, senior director of media relations for the University of Florida. “We feel like, as a university, our job is to find solutions.”
The idea behind establishing FICS Research was to find the best minds in the country and the world. The leaders were hand-picked within their topic areas and come from institutions including the University of Connecticut, Case Western and Georgia Tech, to name a few. They include people like Patrick Traynor, a software and mobile security expert who recently wowed people at the May UF Eye Opener Discovery Breakfast, and people like Mark Tehranipoor, a hardware security expert who is one of the most recognized leaders in his field.
FICS Research is unique in this way. Some places focus on just software security or just network security, but FICS Research focuses on device, hardware, software and network securities as well as security vulnerabilities related to people, Tehranipoor said.
“What is unique and challenging about cyber security is that it’s a game of cat and mouse, which means that as we educate ourselves further, the attackers and adversaries are also educating themselves better,” Tehranipoor said.
There have been attacks here and there around the world — some have been caught, others have been curveballs, Tehranipoor explained. As humans become more connected through the cyber world, the possibility of attacks has become greater and more dangerous. Many businesses follow the philosophy of “escaping the bear” or being just invested enough so as not to be the easiest target when it comes to cyber security, Tehranipoor added. Whether the tradeoff between spending more money to be more secure is worth it is still a gray area.
For companies that manage private data, losing people’s personal information is a significant business loss. For devices and systems used in applications that could be compromised, they affect every individual using it. Possible worst-case scenarios are attacks on the fundamental infrastructure of society — power grids, bridges, or even financial systems — and the results could be catastrophic. Unfortunately, Tehranipoor said, many of these systems are outdated legacy systems from a time when security was not an issue.
As society progresses, cyber security continues to become a more proactive rather than a reactive process. The University of Florida and Tehranipoor place a lot of value on not only educating the public, but also training a workforce for this type of work. He believes that the U.S. requires an additional one million employees who are cyber security experts to maintain adequate security. And even though it has been established for only a short time, FICS Research strives to be a leading institution on cyber security and the frontline in the battle versus cyber terrorists and attackers.
“We are dealing with an adversary that is very intelligent — you can’t guess what the next attack may be,” Tehranipoor said. “There is no such thing as making (a system) completely secure; you can only make it more secure compared to where it was before.”
Defending Yourself and Your Business through Cyber Security
“Honestly, the way that this thing is morphing, I’m not sure you can say that you’re totally safe,” said Brian Scarborough of Scarborough Insurance. “If you got an email saying it’s from Bank of America and you don’t own any accounts from Bank of America, don’t open it.”
There’s always a way to be proactive about cyber security for you and your business. Here are some tips from Scarborough:
- Transfer some of the risk to insurance companies.
- Identify your exposure. If, for instance, you run a medical practice and have all your notes online, then you probably have a significant cyber exposure.
- Work with IT professionals. And, stay in communication with them — make sure they understand what you’re doing in terms of business and make sure they keep you up-to-date.
- When transmitting sensitive data, make sure it’s through a secure network. Even when transferring money online, make sure it’s through an encrypted network.
- Be safe and don’t take any unnecessary risks. If an email looks suspect, wait for a phone call.
- The most common password in the world is “password.” The second most common is “12345.” Make yours more difficult to crack than that, and try to have several different passwords for different uses.
RAMÓN PEÑA is a fourth-year journalism major at the University of Florida. He hopes to become rich and be able to retire before his thirtieth birthday. In the meantime, he’s content speaking a mixture of English, Spanish, and French, trying to kick-start his internet fame and being a full-time journalist on the side.