Protecting the Cyber World

There’s no question that the digital revolution created a world of new conveniences, many of them downright essential during our collective pandemic disruption. Where would we be without the ability to work and learn from home? How many more trips to pick up necessities would we risk without Amazon or DoorDash?

But with all the advantages come equal and opposite threats posed by increasingly sophisticated scams and cyberattacks, creating unprecedented security risks on a personal and even national level, said Marc Fruchtbaum, Defensive Cyber Operations specialist for IronNet Cybersecurity and Captain in the Maryland Defense Force Cyber Defense Unit.

“Cybersecurity attacks have exponentially increased over the last decade, and they’ve accelerated even more due to the implementation of large-scale working from home,” he said. “Scammers and hackers have definitely taken advantage of the COVID pandemic to spread scams and malware across the Web. As a ‘threat hunter,’ I have examined many new domains which contain malicious downloads to exploit a user or deploy ransomware to the user’s system.”

When employees use corporate computers within a corporate network, the system has a much higher level of protection from external threats, he pointed out. However, the risk increases significantly when employees are working on a series of home networks. So when the lockdown hit, businesses were forced to take immediate action.

“Companies that didn’t have robust work-from-home technologies already in place had to implement Virtual Private Network (VPN) technologies and lock-down systems,” Fruchtbaum said. “Suddenly, IT and Information Security teams had to expand protection to include home networks locally, regionally, nationally, and potentially worldwide.”

Such a sudden and large-scale effort led to some inevitable cracks. For instance, home workers using personal accessories like flash drives might well expose potentially compromising files to hackers, leading to an escalation in “phishing” attacks targeting workers with ransomware and other malware.

“…anyone looking to change careers — cybersecurity is recession-proof and currently suffers a negative unemployment rate.”
Marc Fruchtbaum

An escalating threat

“Vishing” scams also have been booming, where bad actors identify themselves as a member of the company IT team or vendor to obtain credentials and access the system or proprietary data.

The more serious, large-scale threats target high-profile organizations and individuals with increasingly advanced and disruptive attacks that can impact our entire economy.

“Advanced Persistent Threats (APTs) are the greatest concern as these groups generally are highly organized and frequently orchestrated and supported by foreign governments,” Fruchtbaum said. “APTs are highly sophisticated, select their targets with care, and utilize creative methods to gain access to their target. These attacks greatly harm our economy, especially when targeting intellectual property.”

Cyber espionage is indeed a major threat, with foreign organizations infiltrating American companies, stealing sensitive intellectual properties, and creating knock-off products at far less cost, bypassing lengthy and expensive research and development efforts.

Today’s connected culture is bringing cybersecurity issues much closer to home, fueled by our increasing reliance on the cloud for storing data and the ubiquitous Internet of Things invading our personal lives in a number of ways.

“Companies are embracing cloud computing, and mom wants her refrigerator to read her Twitter feed aloud,” Fruchtbaum said. “The world of Internet of Things is exploding. Just a few years ago, security DVRs and cameras, routers, and smart fridges were routinely all hacked. Security researchers now cringe at the idea of making random devices internet-connected.”

Companies and government organizations are investing heavily to counter these cybersecurity threats, creating a burgeoning need for skilled cybersecurity professionals. Demand has surged in recent years, with more than 112,000 open positions as of 2019 and growth projected at 25% over the next nine years. Highly trained pros can earn up to $156K a year.¹

“As I tell high school students whom I mentor, college students and anyone looking to change careers — cybersecurity is recession-proof and currently suffers a negative unemployment rate,” said Fruchtbaum, instructor for the Division of Continuing Education Cyber Security certificate program. “There aren’t enough people in the workforce to fill open positions, and these numbers are projected to rise exponentially in the coming years.”

Mounting a cyber defense

The Cyber Security certificate program prepares candidates for a career in this exciting and essential field, with a curriculum focused on developing a comprehensive understanding of the principles for designing, engineering, and managing secure information system environments — for today and the future.

Led by experienced instructors, the program addresses a spectrum of issues, from security architecture to disaster-recovery planning. Courses incorporate the most current academic and technical research, helping prepare candidates to sit for the Certified Information Systems Security Professional (CISSP) exam.

“UCI’s Cyber Security certificate program is an outstanding and comprehensive program for individuals starting or transitioning to cybersecurity, or just looking to enhance their general knowledge,” Fruchtbaum said. “Students gain an understanding of cyber concepts, secure architecture, network security, various operating systems, and database technologies, even an introduction to computer forensics.”

Taking the curriculum a step further, UCI has implemented virtual environments where students gain hands-on experience with the concepts they learn in the courses, he added. “It’s not enough to simply introduce a student to a methodology or tool. We want them to get their hands dirty and use the tool!”

More than ever, the U.S. is relying on university-trained professionals to keep pace with other countries, many of which develop highly-skilled cyber experts through mandatory military service. Although the U.S. has a strong cyber defense, talent from leading-edge programs is needed to keep pace in the public and private sectors. (The Department of Defense, in fact, has employed Fruchtbaum to provide training in Offensive Cyber Operations.)

“My friends and colleagues often joke about the many LinkedIn messages they receive from recruiters attempting to fill open positions,” he said. “The field simply needs more people to study, develop innovative solutions, and advocate to combat endless future threats. To that end, many universities have implemented cyber programs — and UCI is a stellar example of an exemplified program.”

Learn more about the Cyber Security program.

¹Source: Emsi-economicmodeling.com