Business Monday

The key to combating cyber insecurity: changing behavior, training the workforce

Philip Hammond, U.K. chancellor of the exchequer, delivers a speech during the Microsoft Corp. Future Decoded Conference at the ExCel London conference center in London, U.K., on Tuesday, Nov. 1, 2016. Businesses and homes are increasingly vulnerable to cyber attacks as people install Internet-connected appliances and companies rely on outdated systems, Hammond warned.
Philip Hammond, U.K. chancellor of the exchequer, delivers a speech during the Microsoft Corp. Future Decoded Conference at the ExCel London conference center in London, U.K., on Tuesday, Nov. 1, 2016. Businesses and homes are increasingly vulnerable to cyber attacks as people install Internet-connected appliances and companies rely on outdated systems, Hammond warned. Bloomberg

Cyber threats facing the United States and the world are growing at an alarming rate and are expected to continue to grow well into the 21st century. The Internet, combined with our never-ending pursuit of improved quality of life is revolutionizing the way we live. Everyday devices are rapidly moving online, from automobiles to refrigerators and home alarm systems. More than 200 billion devices are expected to be online by 2020, an increase from 15 billion in 2015.

Today, and for the foreseeable future, the individual remains the biggest cyber security liability to organizations. Technologies designed to protect organizational infrastructure have improved significantly over the years and helped defend against hacking and physical attacks to steal information.

However, organizational culture and human behavior have not evolved nearly as rapidly as technology. Cyber criminals continue to focus on improving capabilities to deliver malware and attacks that center on tricking individuals into allowing access to systems.

In South Florida and throughout the hemisphere, Florida International University is leading the way to train the emerging workforce needed to combat the increasing threat of cybercrime. Earlier this month, FIU teamed with the Organization of American States (OAS), Verizon Communications and Microsoft to launch a certificate in cybersecurity leadership and strategy.

More than 50 participants from eight counties spent two days examining the complexity of cyber threats, best practices and optimal strategies and approaches to prevention. The program, one of a series of cyber programs at FIU, will be offered in Miami again in the fall and in Washington, D.C., at the OAS headquarters in the spring.

The goal is to change behavior. To do this, we must strengthen what we call the “cyber hygiene” of users through a mix of training and educational activities. Cyber hygiene — taking precautions to mitigate threats — should be integrated into primary and secondary education. Trade schools, community colleges and universities should develop short and long-term educational opportunities designed to move students into the workforce more rapidly. Educators must also target professionals in a wide range of fields and levels — from program management to administration, from office clerks to executive officers.

While culture and behavioral vulnerabilities present the greatest potential for criminals, a looming shortage in information security professionals is adding another dimension of complexity. Recent workforce studies suggest that we will have a 1.5 million-person shortage of qualified information security professionals by 2019. That means cyber security threats continue to expand and outpace our ability to produce talent.

The global cost of cyberattacks is expected to grow from $400 billion today to $2.1 trillion by 2020. Technology alone will not solve the problem because it takes serious human capital to implement and maintain those technologies, and rapidly changing technological solutions require constant training for information security professionals.

How many of us still pick up thumb drives at trade shows and plug them into laptops? Emerging trends suggest that cyber criminals are targeting trade shows to plant malware on giveaway thumb drives. How many of us would second-guess clicking a link that came from a supervisor? Attacks against servers are steadily decreasing, while attacks against user devices, desktops, laptops and mobile phones are increasing.

Until we shape overall behavior towards an environment more conscious of cyber threats, individuals will remain the weakest link in our cyber defenses.

Brian Fonseca, fonsecab@fiu.edu, is director of the Jack D. Gordon Institute for Public Policy, and leads the cyber policy initiatives, at FIU’s Steven J. Green School of International and Public Affairs. He is co-author, with Jonathan Rosen, of “The New U.S. Security Agenda: Trends and Emerging Threats” (early 2017).

▪ Have a ‘My View’? If you have a point of view on a business topic you would like to share, consider writing about it for Business Monday. Pitch your idea to rclarke@miamiherald.com. ‘My View’ submissions that are accepted are published as space allows.

  Comments