Stopping hackers in their tracks

By Tom Tracy - Florida Catholic

MIAMI | The year 2014 has seen jaw-dropping news of organized cyberattacks against banks, businesses and governments, breaches that have compromised millions of private data, financial accounts and consumer information.

Sony Pictures Entertainment suffered the most recent and headline-grabbing hack. Among the valuable data stolen and made public were emails, scripts of unreleased movies, and paycheck and medical records of 7,000 global employees.

As the public and private sector gear up to meet the challenges of protecting information in the digital era, Catholic universities are among the institutions of higher learning that are responding to the demand for adequately-trained personnel to enter the world of cyber security-related jobs.

That fact wasn’t lost on the leadership at Miami’s St. Thomas University. Its School of Business just announced the formation of a graduate and undergraduate cybersecurity program to prepare local students to meet that market demand.

The university made the announcement during its annual Global Entrepreneurship Week in mid-November. It has established the Gary Goldbloom Endowed Distinguished Chair in Cybersecurity to hire a cybersecurity industry expert. The chair is named after one of the university’s trustees, who is funding the $2 million program.

The cybersecurity master's program will be available in early 2015, followed later by the undergraduate degree. While other university programs focus solely on the technical aspects of cybersecurity, this multi-disciplinary degree will include coursework in criminal justice as well as information technology, making for a well-rounded student, according to Somnath Bhattacharya, dean and professor of accounting at the business school.

“The problem with cybersecurity is that it is not just a matter of computer science, it is a business risk, and so our approach involves courses germane to computer forensics but also policy-making (coursework) from the School of Law and School of Business,” Bhattacharya said. “We will also include criminal justice from Biscayne College to bring in more nebulous areas like cyber-criminal profiling that would allow someone graduating with us to have a more holistic view of the issues.”

The funder, Goldbloom, is a member of the St. Thomas board of trustees and founder of M.G. Investment Inc. based in Coral Gables. His $2 million gift resulted from a trustee conversation about the growing need for cybersecurity and the opportunity it offers to higher educational institutions to prepare qualified candidates for the workforce.

Bhattacharya said that, like other business school fields of study at St. Thomas, the cybersecurity degree will include significant internship experience. The program will also draw strength from Miami’s unique positioning as a gateway to the Americas and as a multiethnic, multilingual community. Local business and civic groups are supportive of the program, he added.

“Geographically, a program of this nature will generate a lot of interest in our community, and we have received some very encouraging interest in this locally from industry and some banks,” he said, adding that Miami is a high-density urban area that retains a lot of its college graduates.

There are plenty of recent examples of the urgent need for cybersecurity experts. Over the last year, cyberattacks have compromised financial and personal data maintained by big-name companies such as Target, Home Depot, J.P. Morgan Chase, eBay, Apple, Yahoo!, UPS, P.F. Chang’s and Dairy Queen.

In October, U.S federal officials warned companies that hackers have stolen more than 500 million financial records over the past 12 months, causing serious harm to confidence in the banking and business worlds.

Although credit card and identify theft has been a major nuisance for consumers — and Florida has been called one of the nation’s credit card theft capitals — new banking and credit card standards going into effect at the start of next year will soon solve those problems for consumer credit card holders, Bhattacharya said.

New credit cards issued in 2015 will feature an embedded microchip that uses data encryption technology rather than the magnetic strip, making it harder to steal consumer identification.

“We are not just focused on credit card theft, which is the tip of the iceberg, and that tip is going to fall off as technology is there to stop that dead in its tracks in the next 18 months,” said Bhattacharya, adding that he was also once the victim of credit card theft.

“We are worried about the pilferage of data through hackers coming into data systems, the actually destruction of systems from parties who are out to hurt the country, the company or people. The bulk of our tension over the next five years will be in that later front.

“It will be a mistake to think our program is addressing consumer credit card theft because state-sponsored cyber terrorism is much more nefarious,” he said.

Another source of company or government data breaches is from within. Research shows there has been a great deal of mishandling of data by employees, either on purpose or by accident.

To prepare students for the challenges of cybersecurity, they will have to be trained in what Bhattacharya called ethical hacking: learning their way around the craft of hacking as well or better than their counterparts in the criminal world.

“How do you stop hackers? You need to be as proficient as those who are hacking in,” he said. “The ability to profile where they attacks are coming from and analyzing the motivations behind the attacks helps develop a much better profile of who is hacking in and why.”

Cybersecurity: Fast growing field

Although the employment hotspots for cybersecurity are Washington, D.C., New York and the West Coast, Miami ranks in the top 20 for cybersecurity job opportunities, according to an analysis from Burning Glass Technologies, which conducts reviews of job postings across 32,000 online job sites.

Some other cybersecurity job findings from Burning Glass research:

• In 2013, there were 209,749 postings for cybersecurity-related jobs nationally. Cybersecurity jobs account for nearly 10 percent of all computer systems jobs.            

• Cybersecurity postings have grown 74 percent from 2007-2013. This growth rate is over two times faster than all IT jobs.

• Cybersecurity job postings took 24 percent longer to fill than all IT job postings and 36 percent longer than all job postings.              

• On average, cybersecurity salaries offer a premium of $15,000 over the salaries for IT jobs overall.