We are facing a threat to our way of life that doesn’t include mushroom clouds or troops massing on beachheads. This threat doesn’t pit armadas of missiles lobbed over oceans heading toward unsuspecting cities. Already, this threat—an assault on our civility—is quietly underway, devastating the confidence we have in our electronic infrastructure that so many rely for work, play, and life. We all are threatened by the emergence of computer hacking, which hits not only our government installations, military communications, financial institutions, and corporate customer records, but our homes and offices.
Even though each and every one of us potentially can be a casualty of this far-reaching cyber conflict, business schools can serve in the fight by preparing our students for a dystopian onslaught of computer worms, software viruses, and whatever the next big “ware” is. We must prepare them for transportation systems becoming paralyzed, power plants going dark, driverless cars and even jet liners being commandeered by forces that originate from within the muted hum of a laptop or the hushed blip of a smartphone. It’s our responsibility to prepare ourselves, our students, and organizations for this new reality.
Cyber Threat Escalates With WannaCry Ransomware
Just look at the global hack earlier this month that froze more than 200,000 computers in universities, hospitals, and public transportation systems. Businesses ranging from car dealerships to movie theaters in some 150 countries were held hostage in the attack of the WannaCry virus, a form of ransomware in which hackers demanded money to allow users to regain control of their own computers.
What’s troubling is the origin of this virus. Microsoft officials blame the National Security Agency, which in April had the software behind WannaCry stolen by hackers and, by some accounts, didn’t immediately tell Microsoft, which could have issued a patch to protect systems.
Microsoft eventually released its security patch shortly before the hack. If people had paid attention and installed the patch, much of the WannaCry strike, which cost an estimated US$4 billion in damages worldwide, could have been avoided. So don’t blame the computers, the connections, your smart phones, Microsoft, or the NSA. Humans—again—prove to be the weak link.
We do have defenses in place. Microsoft periodically does issue patches for possible breaches in its systems, but how often do people see these updates and ignore them because they can’t stop work or give up Facebook for a few minutes to allow the system to install protections? We all are guilty of that. By leaving our vital cyber infrastructure open to attack, we’re playing right into the hands of the hackers, and they are quick to take full advantage.
Complacency, Vulnerability Create Opportunity
Black-hat hacking is the new Bunker Hill, Gettysburg, Ardennes, and Normandy, though it isn’t waged with soldiers and artillery. Rather, it is executed by new-age boiler-room warriors armed only with keyboards and an internet connection. They are willing and able to cast all-out mayhem upon everyone. Blood may not be spilled, but a sense of invasive helplessness has the potential to hit all of society.
Regardless of who is behind the attacks, measures must be in place to protect civilization from these scurrilous raids on our way of life.
We have grown accustomed to our computers; indeed, we rely on them. They have become integral parts of our daily lives. We work on them. We conduct business with them. We play and are entertained thanks to them. We keep in touch with family and friends through them. They ar
e in our offices, homes, vehicles, and even in our hands as we stroll along a beach. They keep us connected to one another, and it is that connectivity hackers want to disrupt.
Why? It could be pecuniary gain, access to bank accounts and transactions. It could be ego; bragging rights or a grudge against a nation, a business, or an individual. Whatever the reason, hackers know we rely on computers and revel in the disruption caused when we are locked out. Making such a bold, brazen affront to our civility gives cyber muggers the measure of power they crave.
But we can and should fight back with a sure-fire resource we already have at our disposal: education. We must create and make available fields of study in our classrooms that focus on cybersecurity. We need to direct our best and brightest technology wizards into that field to protect us from these nameless, faceless keyboard thugs in order to come up with ways to prevent them from hacking us and ways to restore our computers to their rightful owners and operators should those machines be compromised.
The Florida Center for Cybersecurity hosted at the University of South Florida (USF) in Tampa is an initiative that involves all of Florida’s public universities. We have recognized that it is vital for people and businesses connecting to each other in this digital age to be protected. We are working together to build a cybersecurity workforce to guard computer users not only in Florida but across the nation and the globe.
Cyber Hygiene: A Top Curricular Priority
All graduates of business schools and colleges need to be familiar with and practice cyber hygiene, the science of keeping computer systems clean and protected from the infiltrating grime that can be transmitted so readily through internet connections. Everyone also should know how to back up their work. The technology exists and is relatively cheap. This keeps the hard work of financial advisors, investors, and managers safe from meddling and theft.
This education should be mandatory because turning college graduates into cyber soldiers may be the only way to stem the growing threat of global hacking. It’s not enough to teach marketing, management, and finance when everything marketers, managers, and advisors do can disappear in an instant. How to protect your systems needs to be a part of every curriculum. This is the road we must take, and here at USF’s Muma College of Business, we are incorporating cyber hygiene into our core curriculum across all disciplines.
In the fall, we also are offering a new online MBA program with a concentration in cybersecurity. It’s our way of recruiting troops in the war against black-hat hackers. Our graduates are being trained to be a formidable defense against such disruptions. But this instruction should be expanded to everyone—not only across the college of business but across the university; and not only at USF but at every university globally.
That there are cyberattacks in one form or another every day is a testament to how vulnerable our computer systems are, but this month’s ransomware attack was more than gaining access to email files at Sony or pilfering customer personal information from Target and Home Depot.
The large-scale WannaCry attack may portend what’s waiting to be unleashed on the world in the years, months, maybe even days ahead. Are we prepared? Because it doesn’t seem to matter how much we spend on cybersecurity; the hackers—at least for now—appear to be one step ahead.
A recent New York Times article reported that IBM’s security research unit collects and monitors about 45 million pieces of spam each day worldwide.
“In 2015, less than 1 percent of the spam was ransomware,” the Times reported. “By last year, 40 percent had a document or web link that activated ransomware, and (last month’s) attack threatens to lift that percentage higher.”
Are we losing this conflict? Is feeling safe on our own computers a thing of the past? The answer is no. If we educate our students in cyber hygiene, we can and will eliminate this threat.
Moez Limayem is dean of the Muma College of Business at the University of South Florida in Tampa. He has published widely on the intersection of technology with the consumer, academic, and business worlds and is coauthor of the book book Understanding The Use of Technology-Based Self Service: The Consumers’ Point of View