Blog

Blog

Posted by raherschbach on 29 Nov 2017

It’s a familiar tale by now: a high-profile organization comes forward, well after the fact, to acknowledge that it suffered a cybersecurity breach that affects multitudes of consumers.

Dr. Jason M. PittmanBut in the latest case – involving rideshare giant Uber – the breach itself may not be the most significant part of the story, argues cybersecurity expert Dr. Jason M. Pittman, who teaches at Capitol Technology University.

On Tuesday (November 21) Uber disclosed that it paid $100,000 to hackers who accessed 57 million users’ personal data in 2016. Uber says the hackers promised to destroy the stolen data, which included names, e-mail addresses, phone numbers, and in some cases license numbers.

Although the hack and attempted payoff have stirred up a media storm, Pittman says, the weightier question is “what was Uber doing with all of this data in the first place?”

“The real story here is about the use of information as currency. Uber takes our data and generates revenue through business relationships built entirely on that data,” he said.

Uber, he noted, has data-sharing business agreements with various companies. Numerous media sources, including Buzzfeed, the New York Times, and The Washington Post, have reported on Uber’s ability to collect, view, and share personal information. Being able to sell this data to ancillary services, such as their partner MoviePass, is part of Uber’s business model – and a key reason why it is able to keep fares well below those of traditional taxis.

This also explains why Uber stores user data in the cloud and did not impose tough internal controls on access.

“Business-to-business integration is easier to achieve with a cloud service model than with an antiquated, self-operated data center model,” Pittman said. “And controlling access to driver and ride information could negatively impact business operations.”

Stock photography of a woman using her mobile phone.While data-sharing arouses alarm in some quarters – especially when that data gets hacked -- the reality is more complex.

“It’s not in itself a malign phenomenon,” Pittman explains. “Think of the potential good that can come about from information sharing between Uber and Moviepass. Uber knows that a movie’s a hit, so it can make sure sufficient drivers are in the area. Moviepass understands your behavior, so it can inform you of movies you’d like to see and make it easy to get tickets. And then getting a ride there and back is a snap.”

As more and more companies strike deals based on data, tough questions will arise about their responsibility to safeguard that information. The legal and ethical implications remain unclear, Pittman says, because consumers voluntarily cede control of their personal data when they sign up for services like Uber, giving up privacy in exchange for convenience.

“Does Uber have a responsibility to keep this data private?” Pittman asks. “Is it reasonable to expect that our individual claims to privacy extend to a company we've willingly transferred our data to?

“Or, is this simply a sign of the inevitable transition from the Information Age to the Virtual Age? Maybe our concept of information and privacy is what needs to change.”

Blog

Posted by raherschbach on 28 Nov 2017

Convenient to your door delivery, multiple product reviews at your fingertips, and the promise of grabbing that sale without having to compete in an Olympic-sport-like wrestling match for the last of this season’s hottest item? It’s no wonder more people are choosing to do their holiday shopping online.

Stock photo of a man using his cell phone.But with large data breaches on the rise, like the recent breaches in security with Equifax and Uber, consumers have the right to be concerned about the safety of their information once it hits the internet.

So what are some steps online shoppers can take to help safeguard their data and protect against theft? We asked our Capitol cybersecurity professors for their thoughts:

Dr. William Butler, chair, DSc, cybersecurity program

  • DO: Use a card that has a good dispute resolution process.

American Express, from what I hear, is one of the best – if you dispute something, they’ll reverse it. Some people have a card that they use specifically for online shopping, so that if there’s a dispute on the charge, they don’t have to go through a lot of rigmarole.

  • DON’T: Use websites that want to store your credit card information.

If you have the option, don’t store your credit card information, unless you really like that convenience, because that’s where most of them are getting compromised during the breaches. It’s convenient to store your credit cards on the websites you use the most, but then again that’s where the compromises have happened. With sites like Uber, and others that didn’t report breeches, people’s credit card numbers are out there.

Stock photo of a keyboard displaying the word "cyber security."Dr. Jason Pittman, DSc, professor, cybersecurity program

  • DO: shop online without fear.

Retailers do their best to protect purchases and the probability of compromise is low given the amount of companies and sales during this season

  • DON’T: shop online by clicking on links in emails.

Browse directly to the retailers you want to visit to avoid phishing attempts. Yes, your coupon will still apply.

Professor Rick Hansen, cybersecurity program, Cyber Battle Team Coach

  • DO: Always look for the picture of a lock when you’re shopping online.

It signifies a secure site. If you’ve never been to the site before, click on that lock in order to find out more about the site’s security. When you go to the shopping cart, you’ll see that lock. It ensures that you’re on a site that has secure transmissions. If you’ve never been there before, or if it looks sketchy, you can click on the lock and find out more about the connection.

  • DON’T: Click on the links if you receive an e-mail that looks legitimate but is from someone you don’t know.

Most of the time you can hover over the links and see what URLs they actually go to. Say you get an e-mail that looks like it’s telling you about a special offer on Amazon. Don’t necessarily assume it’s really from Amazon – check the identity of the sender. You can do this, on many e-mail clients, with a right mouse click and see what the name is. Sometimes you’ll get sent a link that’s tagged “Amazon.com” but when you investigate the link, you see that it’s actually going to Bob’s Towing.

Keep these Do’s and Don’ts in mind for a safe, secure, online shopping experience this holiday season.

Blog

Posted by svanhorn on 27 Nov 2017

It’s that time of year -- holiday season. That also means cybercrime season. Black hat hackers are on the prowl as we approach the busiest shopping season of the year.

Graphic featuring a woman shopping with her laptop as various icons swirl in her presence.Many companies make as much as one quarter of their annual revenue during the last three months of the year, according to Symantec. Cyber criminals – always on the lookout for opportunities to exploit vulnerable systems and unsuspecting users – often have extra leverage during these critical shopping days.

As hackers continue to perpetrate spectacular data breaches, striking government agencies, corporations, cities, and private citizens with alarming regularity, companies are spending millions to defend themselves and rapidly recover from such attacks. But what can you do to protect yourself from cyber attacks?

According to the chair of Capitol Technology University’s cybersecurity program, Dr. William Butler, there are steps each of us can take in order to avoid becoming a victim.

“Make sure your anti-virus software (AV) software is up to date, use only strong passwords and vary them across websites, make sure you are using your browser in secure mode only, and back up your data regularly and store in a safe place (for example on a cloud drive),” Butler recommends.

Dr. William Butler, chair of Capitol's cybersecurity programBut what if you take precautions and are successfully targeted anyway? According to Butler, it’s important to get in touch right away with the proper authorities so that they can investigate.

“If you fall victim to ransomware attacks and other cybercrimes such as identity theft you should immediately contact the Internet Crime Complaint Center (IC3).” Butler says.

The IC3 is co-sponsored by the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).  For additional information, check out the FBI Page for holiday scams warnings: http://www.fbi.gov/scams-safety/e-scams.

“Remember your personal data or computer should be considered your personal critical infrastructure and should be guarded accordingly,” Butler says. “Shop safe, shop smart, and happy holidays!”

Blog

Posted by Anonymous (not verified) on 22 Nov 2017

When a new career path opens up, it’s nice to get there before the crowd.

 Right now, companies and organizations face a critical need for professionals who can use cyber analytics skills to stop breaches before they occur – thus protecting sensitive data and avoiding the business losses and lowered customer confidence associated with a cybersecurity incident.

Stock photo of a man pointing to a screen while colleagues watch.They are looking for individuals who not only understand cybersecurity, but are fully at home in the world of data. That means fusing two sets of skills that traditionally have belonged to different domains within education – cyber and business analytics.

“The demand for this combination is unbelievable,” says Dr. Helen G. Barker, vice president for academic affairs at Capitol Technology University. “Because of the lack of degree programs and other avenues for training, companies have had to train their own teams to do this internally. There hasn’t been anything out there that combines cybersecurity and analytics.”

Until now. Starting in Fall 2018, Capitol will be offering a new master’s degree program in cyber analytics, designed specifically to equip students to meet this rising industry need. Like all graduate programs at Capitol, the new master’s degree program in cyber analytics will be offered entirely online.

Protecting company data and assets has traditionally been the job of cybersecurity specialists, who rigorously test networks to locate vulnerabilities and deploy recovery procedures in case a breach happens. With the volume and sophistication of attacks on the rise, however, interest is growing in a new approach – one which uses analytical tools to identify patterns that could be indicative of a coming breach.

Stock photo of a Secret Service agentCyber analysts combine cybersecurity skills with the analytics knowledge needed to identify such patterns. This powerful combination offers the hope of stopping cybercriminals and adversaries before they can act.

Students in Capitol’s Cyber Analytics program “will learn to think like the hacker and beat them at their own game” said Professor Soren Ashmall, who is associate director of master’s programs at Capitol and part of the planning team for the new degree.

Capitol will be working with key players in the cyber and analytics industry, including software giant SAS, to shape the curriculum and resources. SAS was on the Capitol campus Friday (November 3) to discuss with students the rising demand for analytical talent in technology and business.

SAS is interested in working with schools like Capitol that are educating a corps of professionals with both technical and analytical expertise. “We have the technology and the tools” said SAS analytics consultant Andre’ de Waal, “So we’d like to make our tools and technology available to universities so that you can be exposed to the tools and analytics, so that when [students] get to the workforce they are ready to succeed without the companies having to go for further training.”

Classes in the cyber analytics program will begin in September 2018, but the program is open for enrollment now. For more information, contact the Graduate Admissions office at Capitol: gradadmit@captechu.edu.

Blog

Posted by Anonymous (not verified) on 15 Nov 2017

With massive breaches of sensitive data in the news daily, the cybersecurity profession has entered the public spotlight as never before. Career opportunities remain plentiful, with demand far outstripping supply. What are the critical skills that an aspiring cyberwarrior needs for success? And what are some of the most common tools used in the field?

“From a beginner’s perspective, learning the Kali Linux operating system is something that can have a great impact,” says Dr. William Butler, chair of the cybersecurity program at Capitol. “This is a variant of Linux that was designed for penetration testing. It comes with a menu of pre-installed tools, such as Nmap and Nessus, which are designed to detect network vulnerabilities. Bachelor’s in cybersecurity students here at Capitol use many of these tools during their introductory courses.”

Students are then introduced to other tools such as Wireshark, which allows them to capture and analyze packets in order to determine what data is in them, and what sorts of commands they might contain, he said.

Cybersecurity students also learn to use forensic tools – the same tools used by police investigators or the FBI to solve cyber crime and criminal cases – in order to examine code hidden on a computer’s hard drive or in memory. Capitol courses and labs include experience with the Encase forensic toolkit, regarded by many as the gold standard in the field, as well as Oxygen forensic software and Cellebrite data extraction and analysis tools.

All these tools help cybersecurity pros retrieve valuable data, but the process doesn’t end there. Data must also be analyzed. Teaching students to do that is a vital component of cybersecurity education.

A solid background in computer programming is an asset for anyone aiming to enter this exciting, high-demand field, Butler said. “You’re dealing with enormous quantities of data. To have the ability to organize that data, analyze it, and draw conclusions, you need a scripting language such as Java or Python. Programming languages such as C are also in high demand.”
 


Pages