天美影视传媒

  1. Home
  2. Departments
  3. Office of Marketing and Communications
  4. USA News
  5. 6 Ways to Avert the Next WannaCry

6 Ways to Avert the Next WannaCry

Posted on May 26, 2017
Bob Lowry

The WannaCry ransomware attack this month spread like wildfire through the Internet, infecting more than 300,000 personal computers in over 100 countries, using up to 28 languages to demand money from users.

Much more than a nuisance, WannaCry compromised health care delivery systems and prompted some medical providers to turn away patients or postpone surgeries. Victims usually had a short window of seven days or less to comply.

Not unlike treating an illness, the best safeguard against becoming a ransomware victim is to have a good defense in place. Dr. Alec Yasinsac, dean of the School of Computing, and professors Dr. Todd Andel and Dr. Todd McDonald, offer six insights on what you can do 鈥 and what the School of Computing is doing 鈥 to combat cyberattacks:

  1. First, look in the mirror. 鈥淪uccess against a cyberattack is ultimately tied to the actual person that allows its execution,鈥 Yasinsac said. 鈥淜eeping systems and applications patched and up to date are obviously key to defeating malware infections, but first strikes and day zero attacks still pose a major threat to organizations, even those with good security policies in place.鈥

  2. We鈥檙e no stronger than the weakest link. 鈥淣o matter how much awareness and security training are provided, it only takes one careless user to compromise an entire organization,鈥 Yasinsac said. Additionally, as computing and software tools and capabilities become increasingly sophisticated, deception and social engineering are similarly getting better and better. 鈥淚t can be very difficult to recognize a fraudulent or copied website, even for a well-trained user,鈥 Yasinsac added. 鈥淐ybersecurity will always be an 鈥榓ttacker-defender鈥 competition, with the effectiveness of network applications lying in the balance.鈥

  3. You can lead a horse to water, but鈥 Large organizations are taking security more seriously and software developers and network service providers think more about security than they used to, often requiring safe passwords and password renewal periods. 鈥淎gain, for end users that really don't understand computers, it is very difficult to protect them from sophisticated attackers, because the end user ultimately owns their destiny,鈥 Yasinsac said. 鈥淚f the user wants to take the risk, for example, of providing their bank account number to an online solicitor, the system can discourage, but cannot prevent, that transaction.鈥

  4. The School of Computing is developing cyber defenders. USA鈥檚 Center for Forensics and Information Technology Security and the Information Assurance (IA) program are certified as a Center of Academic Excellence (CAE) in Cyber Defense. 鈥淥ur IA curriculum meets standards based on the National Initiative for Cybersecurity Education鈥檚 workforce framework. This means that our security curriculum is mapped against national standards based on government and industry demand for cybersecurity professionals,鈥 Yasinsac said.

    鈥淚n addition, the certification means that our faculty are engaged in cybersecurity and IA research, professional development and outreach.  CAE designations require evidence of productivity in both research and education related to cybersecurity, so that students not only have great curriculum but availability of expertise and the environment to grow their workforce skills.鈥

  5. 鈥nd offering scholarships. 鈥淲e have awarded 29 NSF Scholarships for Service to increase the number of qualified students entering the fields of information assurance and cybersecurity, with 15 graduates now serving in federal cybersecurity positions in agencies such as the FBI, DHS, EPA, GAO and MITRE, and national DOE labs such as Sandia, Lawrence Livermore, Los Alamos and Idaho,鈥 McDonald said. The current NSF grant, acquired by Andel and McDonald, will award scholarships through 2020 and provide an opportunity for 15-to-20 more students to pursue cybersecurity education at the undergraduate, graduate and doctoral levels. 鈥淭he program has been wildly successful and opened up new opportunities for our students in terms of academic research, job skills and job placement as cybersecurity professionals,鈥 McDonald said.

  6. 鈥nd winning competitions. The School of Computing鈥檚 DayZero student team last month won the Southeast Collegiate Cyber Defense Competition and earned a trip to the national finals. 鈥淭he cyber collegiate defense competitions are one example of activities where our students play the role of real-world IT staff managing a real corporate business network against active attack,鈥 said Andel, who served as the team's coach. 鈥淭hese types of skills are highly sought after in today鈥檚 environment where cyberattacks are increasing in scope and impact.鈥  Many large companies and government agencies directly recruit from CDC competitions: at the national competition, for example, a job fair is held where interviews and discussions are considered equivalent to job interviews 鈥 with offers made on the spot.

Dr. Alec Yasinsac served in the U.S. Marine Corps for 20 years before transitioning to academia in 1999 as a computer science professor. He joined USA鈥檚 School of Computing as professor and dean in 2008.  Dr. Todd Andel joined the University in 2012 after a five-year faculty stint at the Air Force Institute of Technology. Dr. Todd McDonald served 20-plus years in the U.S. Air Force before joining South in 2011.

Share on Social Media

Archive Search

Latest University News