7 things you should know about cybersecurity

Connected devices are everywhere — from our phones and doorbell cameras to our cars and smart infrastructures — and the security of those devices is critical. Cybersecurity needs to be everyone’s responsibility; we must all work together to create a safer environment for this generation and those to come.

Since 2004, the President of the United States declared October to be Cybersecurity Awareness Month, led by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance. This year’s theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, it’s really about the people.

In this Q&A, Arizona State University experts Nadya Bliss, executive director of the Global Security Initiative, and Jamie Winterton, director of strategy at the Global Security Initiative, discuss how cybersecurity is everyone’s responsibility, how can you protect yourself online and what can we do about cybersecurity challenges.

1. Why is cybersecurity critical?

Nadya Bliss: Computing and connected devices are literally in every aspect of our lives and we put so much trust in them to help us function as individuals and as a broader society – from helping us organize our day to tracking our exercise to managing the worldwide supply chain of critical goods. As a result, the security of those devices is paramount.

Jamie Winterton: So many of the building blocks of society are connected to the internet, so I think it really counts as critical infrastructure at this point.

2. What can people do to protect themselves online?

Here is some practical advice from Bliss and Winterton.

• Step back and assess. Ask yourself: “Why do I feel threatened and what do I need protection from?”
• Keep your technologies up to date. Updates help to identify software vulnerabilities to keep our operating systems secure.
• Be careful with untrusted sources. If you do not recognize a link that someone has shared with you, do not click on it — many times these are malicious and can cause harm.
• Turn on multifactor authentication. In addition to your regular password, this will give you an alert to ensure this is you logging in to your bank account or credit card website.
• Use a password manager. These let you create complex passwords that you likely cannot remember, and help make your life easier by keeping them safe.
• Think before you share. Always check your sources and avoid spreading misinformation and phishing attacks. Many phishing scams today are relying on a fear factor, resulting in poor decision-making. Pause, think and understand.
• Disabling unnecessary connections to the internet. Many times, day-to-day devices do not have protocols for updates that protect from security breaches — so disconnect them from the web if you can.

3. Why is cybersecurity a good career choice?

Winterton: The first reason is the pay — cybersecurity professionals tend to be paid very well. There are so many ways to participate in cybersecurity, and I think that gets missed sometimes. There are needs in governance, compliance, in policy and in being a security evangelist to users and communicators. All of these are sorely needed today.

A second reason is the fact that careers in cybersecurity drive real-world impact. You are doing something which protects those who may not be able to protect themselves. When we create more secure technology, we are asking users to take on less burden, and also less risk.

Bliss: Thinking like a hacker does not necessarily require a technical background; there are great cybersecurity professionals who have backgrounds in history, philosophy and theater. Many studies show that there is a labor shortage in cybersecurity. As technology evolves and increasingly becomes prevalent, opportunities continue to rise. An employee on this desired career path is guaranteed a growth trajectory due to the many opportunities to learn different techniques, modalities and operations within cybersecurity.

4. What is the reason and solution for the deficit within cybersecurity?

Bliss: We have an overfocus on capability and an underfocus on security, which is often relegated to a secondary consideration. Also, the cost of vulnerabilities continues to rise — from the Colonial Pipeline ransomware attack to the Equifax data breaches — and the shift we see now is that people realize the importance of security. We need a different set of incentive structures in order for things to improve at a steady rate, and the next step is implementation.

Winterton: In the infosecinformation security community, we hear about companies that create job postings that do not match the actual need. Yes, we need more people in the field, but we need to hire the right people, with the right experience, as well.

Learn more about how ASU is addressing the deficit of cybersecurity.

5. What are some predictions about the cybersecurity industry in the near future?

The following predictions from Winterton and Bliss look ahead over the next five to 10 years:

• Increased cybersecurity risk in health care, biotechnology, agriculture and automotive industries.
• A continued increase in coordination between government and industry, much of which is made possible through the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
• The increased adoption of artificial intelligence both in making systems more resilient to attacks, and allowing automated agents to initiate attacks faster and more efficiently.
• Foundational breakthroughs in quantum computing capabilities and corresponding potential impacts on broadly adopted technologies such as encryption.

6. What are some grand challenges effecting cybersecurity?

Bliss: We tend to be more excited by novelty than we are about security, and I think we need to pause and ask ourselves, “Do I need this household item to be connected to the internet?” Also, we need to connect the communities of those who build the systems and those who use them. We should ensure a better understanding of the vulnerability space at all education levels, from kindergarten all the way up.

Winterton: In the United States, we have an overlap between the public and private sectors, and the regulation and governance across those spaces will always be a grand challenge. There are unique issues when privately-owned companies that perform public good are breached or fall victim to ransomware, like Colonial Pipeline. The challenges increase when we look at the international level, and we do not as of yet have an international consortium to address cybersecurity issues. This is possibly the grandest challenge of all.

7. What is ASU doing to address these challenges?

Winterton: We cannot fix cybersecurity issues without a radical interdisciplinary approach, and at ASU, we have the edge through the Center for Cybersecurity and Trusted Foundations. One of the focuses of the (center) is to give people hands-on experience in real-world situations.

ASU has a wide range of offerings in cybersecurity training and education that enable people to pursue different career paths in the field. In addition to formal degrees through the School of Computing and Augmented Intelligence and other academic units, ASU is engaged in experiential learning – through efforts like supporting student hacking clubs and organizing Capture the Flag competitions, including in the past organizing the largest in the world at DEF CON.

Learn about ASU’s involvement in DEF CON.

Get involved this cybersecurity awareness month

• ASU Hacking Club. The ASU Hacking Club aims to teach people the basics of hacking.
• Pwn.college. The online educational platform provides training modules to aspiring cybersecurity professionals both within and outside ASU.
• ASU’s computer science (cybersecurity) Bachelor of Science degree. Through the School of Computing and Augmented Intelligence, this degree provides students with the knowledge and skills needed to build dependable and secure information systems and networks, and to ensure the integrity and quality of information being stored, processed and transmitted.
• Get Protected. ASU is committed to raising the bar when it comes to cybersecurity awareness. Get involved with events and campaigns this October.