Published 4:46 pm, Tuesday, October 24, 2017
Photo: J. Scott Applewhite /Associated Press
Each October, the nation commemorates National Cyber Security Awareness Month, guided by the U.S. Department of Homeland Security and the National Cyber Security Alliance. And like other national awareness campaigns, Cyber Security Awareness Month motivates individuals to follow practices that protect and enhance their personal safety.
Observing good cyber security practices not only protects your own personal security or the security of your employer. On a much broader scale, it contributes to the national security of our country.
What makes this year’s Cyber Security Awareness Month different from past observances is that some of the focus on cyber security and human behavior is beginning to shift from the traditional preventative and educational awareness messages about direct cyber attacks to more sophisticated attacks that use social media to disrupt political, social or economic processes within targeted nation states.
The most prominent examples of this are the recent revelations by the intelligence community and congressional committees that there is significant evidence that there were concerted social media campaigns as well as traditional cyber attacks to gain confidential information that was used to generate chaos and attempt to influence the latest U.S. presidential election.
This is a new and serious kind of cyber threat, where the battleground is not comprised of firewalls, routers and phishing emails but one driven by fake social media accounts, disinformation and personal online attacks against individuals attempting to discredit false information.
What we are quickly discovering is that this new kind of attack has the potential to cause at least as much or perhaps more damage to national security as intrusions into trusted computer networks.
One of the challenges we face is how to defend against this new form of cyber attack.
While recent efforts to better understand this relationship in terms of information security have been underway by a small group of social scientists, the vast majority of traditional efforts in the field have been related to hardening hardware and software already in use.
It’s only recently that there has been a concerted effort by professionals in the information security field to develop initiatives like threat intelligence and the formation of cyber threat hunting teams utilizing profiling and other social science techniques to identify and neutralize cyber threats in the real world.
On an individual level, two recent cyber security breaches are also wreaking havoc on individuals. The Equifax breach involved personal information from an estimated 146 million Americans and exposed them to possible identify theft that could result in credit accounts being fraudulently opened using that information.
Similarly, a much larger cyber attack on Yahoo resulted in its entire 3 billion-user account database being compromised. Information including names, addresses, hashed passwords, phone numbers, email address and birthdays were stolen. Hackers also took security questions and answers from a portion of those accounts.
Since email addresses are often utilized as a form of user validation for many other accounts and many people reuse email passwords for other more sensitive logins, the seriousness of the Yahoo event cannot be understated.
Cyber security is a very real concern — in the United States and around the world.
As we prepare to meet the cyber security challenges of the future, we are going to encounter more of these challenges and we will have to embrace new types of efforts to meet them. We should be prepared to support these new efforts with the same determination and resolve that can currently be found in more traditional cyber security practices.
Without gaining a better understanding of how to defend against these new types of attacks, the consequences will continue to escalate.
Max Kilger is the director of Data Analytics Programs in The University of Texas at San Antonio College of Business. He is also a faculty member in marketing and information systems and cybersecurity.