Is Your Data Safe? A Cybersecurity Expert’s Perspective

by Barry Waldman

For decades, security meant locking the doors and windows of your home, maybe turning on an alarm system, keeping your banking information and credit cards away from strangers, and placing your personal papers and passport in a safe.

Today, you have hundreds of doors and windows into your life, and your banking, credit card, passport and other personal information are housed in databases you don’t own or control. You can take steps to secure it all, but there are thousands of malicious actors from all over the world employing sophisticated tools to hijack your data and profit from it.

Or just ruin your life.

And there is only so much you can do about it.

That’s the sobering conclusion, the more you know about cybersecurity.

Dr. Shankar Banik, a professor in the Department of Cyber and Computer Sciences, NSA/DHS CAE-CDE program director and co-director of the Center for Cyber, Intelligence, and Security Studies at The Citadel, says cybersecurity is a problem that is managed, not solved. You can take precautions to minimize your vulnerability, but as recent high-profile attacks on the state of South Carolina, Target, Facebook, Twitter, Marriott Hotels and many, many other organizations demonstrate, no one’s information is totally safe.

Cybersecurity at the Lowcountry Graduate Center
Dr. Banik teaches a cybersecurity course as part of the MS in Project Management at The Citadel. Students in the course use hands-on techniques in a closed environment to learn how to detect and counteract cyberattacks.

Dr. Banik teaches a cybersecurity course as part of the MS in Computer and Information Sciences (jointly offered by The Citadel and College of Charleston). Students in the course use hands-on techniques in a closed environment to learn how to detect and prevent cyberattacks.

There are some actions he says we can all take to reduce our vulnerability to cyberattacks.

  • Use multiple passwords online.
  • Use complex passwords that include upper and lower case letters, numbers and symbols.
  • Only download apps and software from trusted providers.
  • Be wary of all emails and scrutinize the email address before opening.
  • Never open email attachments you aren’t sure about.
  • Don’t share sensitive personal information on social media.
  • Turn off the microphone on your smart speaker when you’re not talking to it. Otherwise it is constantly listening to everything said and done around it.

“The more online services you use in your daily life, the more vulnerable you are,” he says.

People Are the Weak Link

Cybersecurity analysts detect vulnerabilities in systems via a variety of tests. These include penetration-pressure testing to find weak points, inventorying all the devices in a network, and constantly scanning systems.

Once vulnerabilities are identified, they establish controls to strengthen the weak points, build firewalls to manage what comes into the network and conduct “system hardening” – ensuring software updates are all installed.

The greatest weakness in any network is beyond the control of cyber security experts – it’s the users. “Humans are the weakest link,” Dr. Banik says. “You can have all the most sophisticated software and hardware, you can have the best virus protection, but at the end of the day, all a hacker needs is one entry point into a network.”

Dr. Banik warns against opening those spearfishing emails that look like emails from friends and professional contacts. He says cybersecurity experts find themselves in the education business, teaching network users what he calls “cyber hygiene” — ways to avoid becoming some malicious hacker’s victim.

“We’re teaching it in middle school now because they’re already using the internet,” he says.

Dr. Banik teaches students the three pillars of network security — confidentiality, integrity and availability. That translates to keeping private information out of unauthorized hands, protecting the system from attack and keeping it running all the time. He says a big part of the course is showing the engineers he teaches how to write more secure code.

But even with all the protections, your information is going to get stolen from some organization with which you do business. The defenses keep getting more sophisticated, but so do the hackers.