Who needs Halloween, when cybersecurity threats terrify?
Symposium sees UND, industry pros commit to cybersecurity research, training and action
Students, academics and industry professionals gathered in the Memorial Union on Monday for a glimpse into the ever-changing field that is cybersecurity, at UND’s third annual Cyber Awareness and Research Symposium.
The symposium hosted about 200 participants from nine different countries, with the goal of raising awareness of the importance of keeping abreast of developments in the field and providing a platform for networking among industry professionals.
“The importance of this event grows every year,” he said. “Last year this event was on Halloween, and I made the comment that that is an important day to have a cybersecurity symposium because the threats we face are certainly as frightening as any costume or scary movie. As everybody in this room knows, we are essentially already at war against foreign governments, criminal organizations and others in the cyber world. The threats that we face have the potential to affect our daily lives, so that makes events like this incredibly important.”
Tande added that UND has welcomed “several new faculty members” this year at its Center for Cyber Security Research, with the goal of adding additional positions by next fall.
Prakash Ranganathan, UND’s director for cybersecurity research, said the field of cybersecurity requires collaboration across many academic disciplines.
“Cybersecurity is very broad,” he said. “It has all the elements — not only technical aspects but also human factors. It is pervasive in every discipline. In order to have a good cybersecurity program and research, you need to be well-rounded to ensure participants have a wealth of knowledge and provide solutions that are able to track the problems we see.”
Ranganathan also said he has noticed an uptick in students interested in entering the field, evidenced by an increase in enrollment in UND’s bachelor’s degree in cybersecurity.
Jacob Benjamin, director of international services at Dragos Inc. — an industrial cybersecurity firm — stressed the importance of developing a robust defense infrastructure.
“I don’t believe there is necessarily a secure architecture — it’s difficult, if not impossible, to design something that’s totally secure,” he said. “But we can design something that’s defensible, that can be defended by human defenders. You need a network that works for you.”
Benjamin also urged students interested in entering the field of cybersecurity to collaborate with academics and professionals across disciplines.
“Make friends with engineers — they’re merging fields,” he said. “See what kinds of cross-disciplinary problems you can solve.”
Dale Meredith, a cybersecurity professional who has advised numerous companies on the subject and offers courses on his website “Dale Dumbs IT Down,” said the dynamic nature of cybersecurity requires constant vigilance toward emerging threats.
“When we get some new device that comes out, I look at it from both perspectives,” he said. “I’m always looking at what could be done with a particular device. Cybersecurity is very similar to what we refer to as a box of chocolates — meaning sometimes we don’t know what we’re getting into.”
He also cautioned attendees against “password recycling,” or using a generic password for multiple accounts, stating that the practice creates an easy target for hackers.
“It used to be that people would have like four passwords,” Meredith said. “One for financial stuff, another one for shopping and then you might have one for social media accounts. From an attacker’s perspective, they look at that and go ‘let’s see, if Dale’s password for Facebook is ‘Batman,’ I’m going to try that on other accounts and see if I can’t get in.’ Account takeovers are extremely volatile right now — we’re seeing a 300-plus percent increase in accounts being taken over by hackers.”
In addition to cautioning against password recycling, Meredith urged attendees to disable the feature allowing automatic connection to wireless networks on their devices, as the function allows would-be hackers to infiltrate users’ personal data.