Opinion

Biggest cybersecurity breaches originate from spotty defense, not hackers or spies

This past week, Chinese President Xi Jinping visited America on his first state visit. While President Barack Obama chatted with Xi and his wife over an elegant state dinner, the atmosphere was strained by allegations of Chinese state-sponsored cyber espionage on American firms.

Separating hyperbole from fact in this case is almost impossible, but what is known is that the state of computer security is astonishingly weak. New breaches have practically become routine. These breaches are problems that can be solved; however, unfortunately for those who seek an easy solution, they require a fundamental shift in corporate culture.

It is important to realize through all of these breaches that the core principles of cybersecurity have not been compromised. Advanced Encryption Standard-256, the method that is generally conventional for encryption, has not been weakened in any real sense: there are more possible ways to encrypt data than there are atoms in the entire universe. Companies that are willing to put in the effort to protect their data are virtually impregnable. However, to do so requires much more than a small cybersecurity team.

The biggest threats in cybersecurity are not created by hackers or spies, but by the average worker. If those in charge of protecting servers know what they are doing, attacking through the Internet might as well be impossible. However, any attempt to protect sensitive information is only as strong as its weakest link. Openings can be introduced as much through exploits in systems as through the mistakes made by people who don’t know any better.

In the dry humor of the IT world, these are referred to as PEBCAK errors: Problem Exists Between Chair and Keyboard. Dropping infected USB drives in parking lots so that workers take them into their offices to check what is inside, for instance, has become so common that many branches of the government outright ban the use of USB ports. Until gaping holes like these are closed, any discussion of hacking will be pointless, as there can be no security without everyone understanding what should be avoided.

Training workers to respect cybersecurity rules when they’re not particularly knowledgeable about technology is difficult, but not impossible. One potential way to move forward is to follow the model of Riot Games, a company most widely known for the multiplayer video game “League of Legends.” To buff up employee awareness about espionage, the company hires actors who pretend to be employees, according to a 2012 article from Eurogamer.net. Employees who spot the imposters are awarded a prize. By placing an incentive on being vigilant, Riot Games creates a culture where even those who know little about security understand what is and isn’t permissible.

Others would be wise to adopt policies like this and more. As such, even those who find cybersecurity boring and arcane will see a reason to care.

Andrew Langen is a junior majoring in economics and math.

Featured image courtesy pixelcreatures.

October 4, 2015

Reporters

Andrew Langen


ONE COMMENT ON THIS POST To “Biggest cybersecurity breaches originate from spotty defense, not hackers or spies”

Around the Web
  • Miami Herald
  • UM News
  • HurricaneSports

University of Miami men’s basketball coach Jim Larrañaga received a grand jury subpoena for his phon ...

Get ready for an avalanche of University of Miami defensive backs and linemen descending on the Hard ...

The University of Miami football team has another player with a season-ending injury — and this one ...

When UM coach Mark Richt summoned quarterback Malik Rosier into his office last year, a few months a ...

Quarterback Malik Rosier of the No. 8-ranked Miami Hurricanes maintains a solid third place in what ...

From a game simulating how whales navigate to a tribute to Ella Fitzgerald, the U showcased some of ...

A new mobile game called Blues and Reds, now available worldwide, aims to help researchers study int ...

A major Lancet Commission report, a three-year project headed by UM’s Professor Felicia Knaul and co ...

With a $6.8 million NIH grant, the UM School of Nursing and Health Studies and FIU Robert Stempel Co ...

A summer 2017 excursion unlike any other united a group of University of Miami students and faculty ...

The Hurricanes will look to slow down an inspired Syracuse team at Hard Rock Stadium on Saturday. ...

University of Miami head coach Mark Richt was selected to the 20-member Paul "Bear" Bryant ...

As a Hurricane Club member, you are invited to participate in the 25th Annual University of Miami Ha ...

University of Miami sophomore Bruce Brown Jr. was among 21 players named to the watch list for the 2 ...

Head coach Katie Meier and senior forward/center Erykah Davenport will represent Miami Thursday at t ...

TMH Twitter Feed
About TMH

The Miami Hurricane is the student newspaper of the University of Miami in Coral Gables, Fla. The newspaper is edited and produced by undergraduate students at UM and is published weekly in print on Tuesdays during the regular academic year.