7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, Cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggy-backs on King’s projection with his prediction that, an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. The blockchain shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But, also, cybersecurity may benefit by relying on AI technology to identify attack vectors with more speed and precision.

Combating Ransomware Attacks: The Reasons for Their Rise and the Ways We Can Prevent Them

As has been widely reported, a new wave of cyberattacks has hit Europe, possibly a reprise of the widespread ransomware assault in May that affected 150 countries.

Ransomware, typically delivered via malicious email or infected third-party websites, is a family of malware that either blocks access to a PC, server, or mobile device or encrypts all the data stored on that machine. Similar to a kidnapping or hijacking with a ransom demanded in return for release, the perpetrator of a ransomware attack takes possession of valuable data or files belonging to individuals or businesses and then demands payment in the form of electronic currency called “Bitcoin” for their return.

According to a report earlier this year by NBC News writer Herb Weisbaum, citing the FBI, ransomware payments for 2016 are expected to hit a billion dollars compared to the $24 million paid in 2015. And that figure is expected to rise, with more victims and more money lost. Why the dramatic rise?

  1. Easier access to technology. Criminals have increased access to sophisticated technology to conduct these attacks. Even highly sophisticated tools developed by NSA and other similar advanced tools are now in the hands of criminals. Also, criminals are making continuous improvements to such technology, and have banded together to turn this type of crime into an organized business.
  2. Increased profitability. The business of ransomware has become highly profitable. Therefore, highly talented programmers are choosing to make this their profession— and they are making a lot of money in this way.
  3. Organizations are lagging in innovation. Arguably, the most important reason is that individuals and organizations are not paying attention to continuous improvement or innovation in the technology they use or the protection systems they have in place. Without innovation, such individuals become sitting ducks. Without innovation, regardless of how good your technology is, hackers will eventually get in. Because the probability of a higher payout with organizations is greater, criminals are targeting organizations at a higher rate. However, everyday computer users are also being targeted.

Shegoftah Nasreen Queen (SNQ), Bangla Service, Voice of America, recently interviewed Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School at the University of Maryland University College, to learn more about the reasons for the rise and solutions for combating this pervasive cyber threat. Read the full interview.

The Internet of Things Is Changing the Way We Live—Should We Be Worried?

The Internet of Things (IoT) is on the rise, and so are the threats associated with the interconnectedness of our devices. Eighty four percent of organizations that have adopted IoT report experiencing at least one IoT-related security breach—and 93 percent of executives expect IoT security breaches to occur in the future—according to a February 2017 Aruba Networks study. Malware, spyware, and human error are the most common problems the study also reported.

It’s widely accepted that the number of IoT security breaches will only grow in the near future. To quote a 2016 Forrester Research report: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities, especially if multiple IoT solutions include the same open source component.”

IoT affects everyone, not just large corporations with industrial equipment. From smart thermostats to smart refrigerators, dishwashers, and washers and dryers, we’re all part of the landscape and vulnerable to threats.

What are we to make of the proliferation of the IoT and how concerned should we be?

For answers, read the white paper by Balakrishnan Dasarathy, UMUC collegiate professor and program chair for information assurance, The Graduate School.

Cyber Awareness Month Recap and Launch of Guide to Cyber Experts

We’re kicking off November with a recap of our National Cyber Security Awareness Month postings and an announcement. On Nov. 4 we launched our Guide to Cyber Experts.

First, a little about the guide, which serves as the go-to resource for members of the media covering all facets of cybersecurity. It contains biographies of UMUC faculty experts and their specialized areas of interest. Guide users can find an expert on a wide array of cybersecurity-related topics, view more detailed information about each expert and schedule interviews.

UMUC experts featured in the guide focus on a range of areas, including:

  • Cybersecurity in healthcare and education
  • Legal and policy aspects of cybersecurity
  • Cybersecurity job landscape and careers
  • Cybersecurity and critical infrastructure
  • Computer hacking
  • Internet of Things (IoT)
  • Computer and network forensics
  • Secure software engineering
  • Current threatscape
  • Cybersecurity innovation, governance and digital strategy

And, in case you missed them, each week during the month of October we shared tips, best practices and information to help you protect your data and personal information and become more aware of cybersecurity issues in our daily lives.

  • Week 1: We launched the month with “Hack” to School, a series of tips for middle and high school students―and parents―to help them protect their identity when using smart phones, computers and social media. Check out our top-8 list of security tips and best practices from University of Maryland University College (UMUC) cybersecurity faculty.
  • Week 2: We shared our Five Proverbs to Live By. Remember those sayings you learned growing up? Valorie King, UMUC’s program chair and collegiate associate professor for cybersecurity management and policy (CSIA) advised us that those same proverbs apply to staying safe in cyberspace as well. Find out how the sayings we use to guide our children in the real world also can be applied to helping us steer away from trouble on the Internet.
  • Week 3: We shifted our focus to the professional world by offering 5 Action Items to Secure the Workplace. Cyber threats are increasing in number and sophistication. Balakrishnan Dasarathy, UMUC professor and program chair, cybersecurity and information assurance, discusses the five specific areas where organizations can minimize their vulnerabilities and exposure to threats.
  • Week 4: Finally, as a run-up to the 2016 Presidential Election, Balakrishnan Dasarathy returned to address the question: “Can Our Elections Systems Be Hacked?” What you’ll discover is that a closer examination of our election system gives us a more complete picture of the prospect of a hack and any related trust issues.

To contribute to Cyber Connections, please contact Alex Kasten at alex.kasten@umuc.edu.

Embracing Cybersecurity Awareness

We’re about halfway through National Cyber Security Awareness Month. I wanted to talk about the importance of securing your perimeter of online and network usage. Users tend to assume that security is an on-off switch that can be controlled or activated when and as often as needed. Experts in the cybersecurity industry are aware of this misconception. It is not sufficient to activate anti-malware and anti-virus software updates; it is also eminent to update the underlying operating system — especially when working with cloud and big data-based enterprises, both private and public.

Additional awareness should be embraced and adopted not only on wired but also wireless infrastructure. It is not as easy, but care must be exercised when accessing sites which do not begin with “https” on their URL.

The most important element is self-discipline and caution when browsing sites, downloading files, and accessing unknown or unsure sources of email. Also, training and education should be routinely and continuously conducted to educate users, managers, and IT and system administrators to follow certain password guidelines and schemes.

System recovery, backup, and updates must be routinely performed. Also, additional security algorithms must be used and devised always to combat, lessen, or deter attacks. Users must be aware of pop ups, ads, adware, malware, spyware, social engineering, and shoulder surfing, a way in which people can look over a user’s shoulder to obtain passwords or information they are inputting on their devices.

Always be leery of where you are sending and downloading your private data, especially when using the cloud. As a cloud security expert, I promote awareness of using the cloud as a convenience– but always exercise care and be alert. It is the price we pay for technological civilization. A byproduct of technological civilization and advancement is cybercrime. As we advance our technologies, we must also be prepared to secure these technologies. As such, we must also be prepared to sacrifice convenience. This is a fact.

unnamedDr. Ihssan Alkadi is an adjunct professor at UMUC and is on the faculty at Southeastern Louisiana University in the Computer Science Department. Dr. Alkadi received his B.S. in Computer Science at SLU and went on to earn his M.S. in Systems Science and his Doctoral degree in Computer Science from Louisiana State University (LSU). His areas of expertise include software engineering, and Internet, HTML, and operating systems testing. His research interests include testing in object oriented systems, systems validation, and system verification. His current research is in cloud computing security and cybersecurity.

Cyber Catch Up 10/5/15

Here’s what you missed last week…

It’s bad enough to have to worry about your data getting stolen. Now officials are concerned about the next front in malicious cyber activity: efforts to deliberately manipulate data. As data theft continues, banks are now looking to retailers to bear the losses. News of the VW scandal continues, and one story indicates that “the faster we upgrade our roads and autos with better capabilities to detect and analyze what’s going on in the transportation system, the better we’ll be able to find hackers, cheaters and others looking to create havoc on the highways.”

Microsoft reported that the highly suspicious Windows update that was “delivered to customers around the world was the result of a test that wasn’t correctly implemented”– but this isn’t the first time a Windows update has been compromised. As cybercriminals move from online banking to the industrial supply chain, they find the Dyreza computer trojan a useful tool. On Thursday, T-Mobile announced that about 15 million of its U.S. customers may have been exposed in a data breach at one of its vendors. Also on Thursday, it was reported that newly discovered vulnerabilities in Android’s media file processing may lead attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.

Apple’s new privacy policy was announced and has been given kudos in its design and simplicity, promising personalization without sacrificing privacy. In the meantime, privacy advocates increase efforts to beat back cybersecurity information-sharing legislation. Recently, Edward Snowden and a number of his supporters put forward a proposal to curb mass state surveillance. Could this be doomed?

With National Cyber Security Awareness Month in full swing, it’s time for millennials to step up their slacking security habits— according to a recent survey, they are least likely to protect their data, despite being the most concerned with cybersecurity. According to another survey, even though IT professionals often warn their superiors about pending IT security disasters, almost half of respondents report that executive management fails to take action.

Researchers have created an AI system to detect malware in shortened Twitter links, exposing a security flaw in Twitter’s site. Speaking of malware, are you searching for celebs in your spare time? Be careful who you search for– a study shows that celebrity searches are loaded with malware. Steer clear of getting the scoop on Kelly Brook, Nick Grimshaw, Kate Middleton, Idris Elba, Frank Lampard, Jeremy Clarkson and Tom Hardy, among others.

Screen Shot 2015-09-30 at 12.36.23 PMRebecca Foss is the Director of Social Media at the University of Maryland University College (UMUC). In her current role, she is working with stakeholders across the university to develop the overall strategic approach in using social media platforms and tools globally for UMUC. She has over 15 years of marketing and communications experience and has been involved with championing social media initiatives since the early stages of the medium’s existence in 2007. Rebecca specializes in content management, creation, and curation and serves as co-editor of the Cyber Connections blog. 

October is National Cyber Security Awareness Month

We live in a digital era and are more connected than ever before. The increased reliance on the use of Internet in our daily lives comes with increased cybersecurity risks. Today, no one is immune to the cyber risks. As a nation, we face rapidly evolving cyber threats against our cyberspace, a critical domain of our national security. As individuals, our finances, identity, and privacy can be threatened by online theft, fraud and abuse.

Recognizing the importance of cybersecurity to our nation, President Obama designated October as National Cyber Security Awareness Month. The purpose of National Cyber Security Awareness Month is to enhance cybsercurity awareness among organizations and individuals of all ages and segments of the community.

UMUC has joined with the Department of Homeland Security in the promotion of Stop.Think.Connect, a national public awareness effort aimed at enhancing cybersecurtiy awareness and empowering Americans to be safer and more secure online. As part of the Stop.Think.Connect Campaign, UMUC offers a variety of cybersecurity awareness and educational activities during the month of October to its community – students, alumni, faculty, staff and beyond. We encourage you to actively participate in these activities as cybersecurity is a shared responsibility and we each have a role to play in promoting and protecting the cyberspace.

Thank you for all your efforts in promoting cybersecurity awareness during October and beyond. Together we can meet the cybersecurity challenges of today and tomorrow.

Dr. Amjad Ali serves as associate vice president and cybersecurity advisor to the president of University of Maryland University College (UMUC). In addition, he is professor of cybersecurity at the Graduate School. He made significant contributions to the development and launch of UMUC’s cybersecurity programs and initiatives, and has served as director of the UMUC’s Center for Security Studies of the Cybersecurity. Before joining UMUC, Amjad worked as manager of Continuing Education at the American Council of Engineering Companies in Washington, DC.  He has also served as the Dean of Keller Graduate School of Management-New York Region. Amjad has presented at major conferences and seminars on cutting-edge topics in cybersecurity, and he has a strong portfolio of scholarly publications. He holds a doctorate in Engineering Management from the George Washington University. He is UMUC’s staff to the Maryland Cybersecurity Council and serves on the advisory board of the Center for Strategic Cyberspace & Security Science and AFCEA International Cyber Committee.