6 Ways to Avert the Next WannaCry

Posted on May 31, 2017 by Aldyn Miller

Dr. Alec Yasinsac, dean of the School of Computing, said as computing and software tools and capabilities become increasingly sophisticated, deception and social engineering are similarly getting better and better: “It can be very difficult to recognize a fraudulent or copied website, even for a well-trained user.”

The WannaCry ransomware attack this month spread like wildfire through the Internet, infecting more than 300,000 personal computers in over 100 countries, using up to 28 languages to demand money from users.

Much more than a nuisance, WannaCry compromised healthcare delivery systems and prompted some medical providers to turn away patients or postpone surgeries. Victims usually had a short window of seven days or less to comply.

Not unlike treating an illness, the best safeguard against becoming a ransomware victim is to have a good defense in place. Dr. Alec Yasinsac, dean of the School of Computing, offers six insights on what you can do — and what the School of Computing is doing — to combat cyberattacks:

  1. First, look in the mirror. “Success against a cyberattack is ultimately tied to the actual person that allows its execution,” Yasinsac said. “Keeping systems and applications patched and up to date are obviously key to defeating malware infections, but first strikes and day zero attacks still pose a major threat to organizations, even those with good security policies in place.”

  2. We’re no stronger than the weakest link. “No matter how much awareness and security training are provided, it only takes one careless user to compromise an entire organization,” Yasinsac said. Additionally, as computing and software tools and capabilities become increasingly sophisticated, deception and social engineering are similarly getting better and better. “It can be very difficult to recognize a fraudulent or copied website, even for a well-trained user,” Yasinsac added. “Cybersecurity will always be an ‘attacker-defender’ competition, with the effectiveness of network applications lying in the balance.”

  3. You can lead a horse to water, but… Large organizations are taking security more seriously and software developers and network service providers think more about security than they used to, often requiring safe passwords and password renewal periods. “Again, for end users that really don't understand computers, it is very difficult to protect them from sophisticated attackers, because the end user ultimately owns their destiny,” Yasinsac said. “If the user wants to take the risk, for example, of providing their bank account number to an online solicitor, the system can discourage, but cannot prevent, that transaction.”

  4. The School of Computing is developing cyber defenders. USA’s Center for Forensics and Information Technology Security and the Information Assurance (IA) program are certified as a Center of Academic Excellence (CAE) in Cyber Defense. “Our IA curriculum meets standards based on the National Initiative for Cybersecurity Education’s workforce framework. This means that our security curriculum is mapped against national standards based on government and industry demand for cybersecurity professionals,” Yasinsac said. “In addition, the certification means that our faculty are engaged in cybersecurity and IA research, professional development and outreach. CAE designations require evidence of productivity in both research and education related to cybersecurity, so that students not only have great curriculum but availability of expertise and the environment to grow their workforce skills.”

  5. …and offering scholarships. “We have awarded 29 NSF Scholarships for Service to increase the number of qualified students entering the fields of information assurance and cybersecurity, with 15 graduates now serving in federal cybersecurity positions in agencies such as the FBI, DHS, EPA, GAO and MITRE, and national DOE labs such as Sandia, Lawrence Livermore, Los Alamos and Idaho,” Yasinsac said. The current NSF grant, acquired by Dr. Todd Andel and Dr. Todd McDonald, will award scholarships through 2020 and provide an opportunity for 15-to-20 more students to pursue cybersecurity education at the undergraduate, graduate and doctoral levels. “The program has been wildly successful and opened up new opportunities for our students in terms of academic research, job skills and job placement as cybersecurity professionals,” Yasinsac said.

  6. …and winning competitions. The School of Computing’s DayZero student team last month won the Southeast Collegiate Cyber Defense Competition and earned a trip to the national finals. “The cyber collegiate defense competitions are one example of activities where our students play the role of real-world IT staff managing a real corporate business network against active attack,” Yasinsac said. “These types of skills are highly sought after in today’s environment where cyberattacks are increasing in scope and impact.”  Many large companies and government agencies directly recruit from CDC competitions: at the national competition, for example, a job fair is held where interviews and discussions are considered equivalent to job interviews — with offers made on the spot.

Dr. Alec Yasinsac served as an officer in the U.S. Marine Corps for 20 years before transitioning to academia in 1999 as a computer science professor.  He joined the University of South Alabama’s School of Computing as professor and dean in 2008.  He says “anyone with interests in computing can find a place to connect with the SoC.” You can reach him at yasinsac@southalabama.edu.


*This article and photo were reprinted with permission from the author. 
