Despite repeated warnings about identity theft and threats to cyber security, two of the most common passwords remain “1234” and “password,” both highly vulnerable and a hacker’s dream.
Last year, cyber thieves had an advantage in that there was an explosion in the use of the password “Starwars”; in 2015, it was “Superman”; and in 2014, the popular password was “Ninjaturtles.”
The sheer number of people using similar passwords makes the job of the hacker much easier.
Such snazzy passwords may be attractive but the average person is unaware of how vulnerable their computers and phones are to attacks and thefts, said Patricia Tamburelli, director of the County College of Morris (CCM) Center for Cyber Security.
Tamburelli and students from the CCM cyber security program presented a program on cyber security to the Morris County Freeholders on Wednesday, Jan. 25. Students previously discussed identity theft with county employees last spring. The college presentations were made after a request by John Tugman, the chief information officer for the county’s Office of Information Technology.
CCM, based in Randolph Township, is the only community college in New Jersey that offers a certification program in cybersecurity, which was developed according to National Security Agency standards.
Students on the panel speaking with freeholders noted that companies often don’t even know their systems have been attacked for months after the incident. One of the largest attacks came in 2014 when hackers broke into the Home Depot accounts, putting about 56 million customer debit and credit cards at risk. The hacking went on for a full seven months before it was discovered.
One survey showed that 55 percent of companies were unable to determine the location of breaches; 37 percent said they didn’t have enough money to provide security; 33 percent didn’t know of the attacks until a full year later; and 24 percent said compromised passwords led to the attack.
When a hacker gets access to a cell phone, it’s simple to further connect and hack all the contact numbers. The students urged people to change passwords regularly and to use complex passwords made of unrelated letters and numbers or to include fictional friends when websites ask for personal identifying information.
One of the most common and potentially disastrous things people do is post personal information on social networks, such as when they’re going on vacation and for how long.
“Once you post on the social network, it’s there for the world to see,” one student panel member said.
Tamburelli said she began working on cyber security two decades ago, when it was largely considered a government and national security issue. The term was originally “information assurance” but as the implications of cyber security became more of an issue, it was known as “information security.” And now, as security breaches are all too common, the buzzword is “cyber security.”
“Cyber security affects everybody, from cell phones to national defense,” Tamburelli said. “Every single crime has a digital component, even if it’s just the use of the cell phone. The average person has to be aware of what he is doing when he picks up a phone or logs onto a computer.”
The college’s cyber security program is available to perform threat assessments, also known as “penetration testing,” at businesses and public agencies.
Tamburelli said the CCM Cyber Security Club was the first New Jersey school to compete in the two-day Mid-Atlantic Collegiate Cyber Defense Competition held at the Johns Hopkins University Applied Physics Laboratory in Laurel, Md., March 31 to April 2, 2016. Students were faced with a computer that had been infected by terrorists bent on destroying the financial system of the fictitious country of Hackistan. Teams had to manage and secure their regional systems in order to restore order to Hackistan’s economy.
The CCM club also will present a program on “Phishing” at the “Safer Internet Day” planned for Feb. 7 in Pennsylvania. “Safer Internet Day” is an awareness-raising campaign that started in Europe more than a decade ago. Celebrated in more than 100 countries, the day is coordinated by the Brussels-based Insafe Network for the European Commission.
Phishing is a cyber scam that attempts to obtain sensitive information such as usernames, passwords, and credit card details for malicious reasons, usually by posing as a trustworthy entity in an electronic communication.
CCM is the only community college in the state recognized as a certifying institution by the National Security Agency’s Committee on National Security Standards. Tamburelli said the extent of cyber crime means that the nation will need 1.5 million more cyber security experts by 2018.
“We want to be the resource for cyber security,” Tamburelli said.
Tamburelli said one of the better places to learn more about cyber security is the National Cyber Watch Center, a consortium of higher education institutions, public and private schools, businesses, and government agencies focused on collaborative efforts to advance cybersecurity education and strengthen the national cybersecurity workforce. The center can be visited at www.nationalcyberwatch.org/about/
Another valuable resource is the New Jersey Cybersecurity and Communications Integration Cell, a center for cybersecurity. The center brings together analysts and engineers to promote statewide awareness of local cyber threats and widespread adoption of best practices. The center website is https://www.cyber.nj.gov/
Among other activities, the center provides daily threat assessments of five levels. Last week, the center noted a “guarded” risk, the second lowest level. It “indicates a general risk of increased hacking, virus or other malicious activity. The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.”
Tamburelli said yet another important resource is the National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST). It is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.