LARAMIE, Wyo. (AP) — With the global number of internet users projected to rise steadily and the profit from cybercrime expected to skyrocket in coming years, cybersecurity is more important than ever.
And that responsibility is everyone’s burden to share, according to one group at the University of Wyoming.
Defense Against the Dark Arts — a student organization mostly comprised of computer science majors — hopes to teach members of the public how to take control of their own digital security.
“Education really is the way,” said Chris Bugg, the organization’s vice president. “There is nothing else. We have a bunch of really awesome cybersecurity people, (and) that’s great. But if the rest of the population still doesn’t know what they’re doing, then we’re no better.”
Defense Against the Dark Arts, or DATDA, meets weekly, gives presentations and competes in cybersecurity competitions, during which members try to suss out exploitable flaws in some piece of software.
This helps software developers design safer programs, said Mike Borowczak, the organization’s faculty adviser and UW Cybersecurity Education and Research Center director.
“Basically, people put on these competitions just to test out their skills in finding vulnerabilities with the hope that, essentially, if you find a vulnerability, you now also know how to protect against that vulnerability.”
DATDA also hosts wargaming competitions on servers donated to the group by a generous benefactor, Bugg said.
“Basically, our members go in and get on one of two teams and try to secure their server and try to hack another one — all self-contained within our little servers,” he told the Laramie Boomerang.
The group is open to all students — not just computer majors — and to the public as well. Bugg said activities hosted by the group are designed to make cybersecurity accessible to all.
“A huge thing that we hear from freshmen and sophomores, when they don’t have a lot of experience, is they don’t know where to begin,” he said. “So, trying to encourage them to ask questions, encouraging them to participate and just giving them that hands-on experience is incredibly valuable.”
Even before attending DATDA meetings or events, members of the public can take a few easy steps to protect against hackers, Borowczak said.
“Get different passwords for different things,” he said. “I know that that becomes a challenge to remember all these things, but if you really care about how secure you are, you should do it.
“You have different keys for your house and for your office and for your car. You have different keys for different things so if somebody breaks into one thing, they can’t break into all of them.”
Borowczak also suggested using a password manager — software that allows you to save lengthy, complex passwords.
“Don’t write your passwords down,” he said. “Password managers allow you to have complex passwords. If you don’t want to use a complex password management system, the next step is, for your passwords, create long strings of text. The longer the string of text, the more secure.”
Multi-factor authentication, offered by many highly trafficked sites such as Gmail and Facebook, requires a password and a second proof of identity, such as a fingerprint, USB key or a code texted to one’s phone.
“Regardless of how strong or weak your password is, even if somebody discovers it, with two-factor authentication, they now need something else,” Borowczak said. “So, they need to have not only stolen your password, but stolen your phone or whatever else.”
He added most victims of cybercrime are not specifically targeted. While a person holding a high position in a large company or holding government office might become the victim of a targeted attack, most attackers seek the path of least resistance.
Long and complex passwords, password managers, differentiated passwords and multi-factor authentication all work to dissuade a would-be hacker, especially in a world full of so many weak passwords, Borowczak said.
“The idea here is to minimize and mitigate as much risk as possible,” he said. “Don’t be the slowest gazelle.”
The more you make a hacker work, the less likely you are to become a victim, Borowczak said.
“If you go to a row of bikes and you’re trying to steal a bike, you would steal the bike with the least number of locks or no lock,” he said. “That’s basically how you want to consider your digital security or your cybersecurity. If it costs me more money to attack you than I think I’m going to get out of you, it’s not worth it.”
While many banks offer protection and will return stolen money, Borowczak said the system is not as foolproof as many people think.
He added cybercrime can hurt a person more than one might expect. For example, he said, banks may not reimburse you for late fees incurred during the interim.
Bugg said everyone — despite what they think of their own capabilities — can learn to protect their identity and money.
“And more and more, I think people are coming to the awareness that they have to take the internet and all of our computational devices seriously,” he said. “Cybersecurity is a real thing that people need to take seriously.”