Pushing Back on Hacks

Pushing Back on Hacks

The United States will account for half of the world’s breached data by 2023, with cybercriminals stealing an estimated 33 billion records, according to a study from Juniper Research.

The Information Systems and Operations Management (ISOM) program at the Sawyer Business School is poised to help American corporations and institutions fight back against the cyberthugs by extending its class offerings, with the goal of offering cybersecurity as a minor in the near future and perhaps a major within a few years.

“Every week, it seems, there’s a new data breach,” says Professor Benjamin Ngugi. “So we saw this as an important opportunity.”

And to offer an inside look at the challenges, Ngugi helped put together a Cybersecurity Beanpot that gave students the chance to go to a website called ShadowBank and try to hack it.

Seventy percent of chief information security officers and other IT security professionals say a lack of competent in-house staff is what they worry about most when trying to defend their companies against cyber-attacks, according to one study. And 65 percent of these respondents say inadequate in-house expertise is the top reason they are likely to have a data breach.

Cybersecurity career prospects are exploding: There will be more than 3 million unfilled U.S. jobs in the field by 2022, according to one report.

Ngugi is quick to point out that the current courses and planned minor aren’t just for coders: They’re for anybody who’s ever going to handle business data, which would cover just about every student in the Business School.

“Whether you’re in marketing, accounting, taxation, finance, or healthcare, you need to understand cybersecurity fundamentals, data privacy, and required compliance laws and regulations,” he says.

Calling all hackers

Suffolk Law students practice litigation in moot court. Broadcast majors hone their onscreen skills in Suffolk’s Studio 73. MBA students learn how to run virtual companies. But where can cybersecurity students work on their skills?

“For students to be good, they need to really think like hackers,” said Ngugi. “They need to understand some of the tools and techniques that cybercriminals use to really be good in protection. The piece that is missing is a real website that they can go and hack.”

So in October 2018, the Cybersecurity Beanpot hackathon event had students from Suffolk and other area schools testing their skills on the ShadowBank website.

“ShadowBank is a safe playground where people can come and practice offensive and defensive cybersecurity skills,” said Ed Adams, president and CEO of Security Innovation, a Boston-area software security company that sponsored the event. “The point is to make the site as real as possible so that people can become familiar with how to protect a site in the real world.”

Over the course of several hours, about 75 students had the chance to practice the dark art of hacking and look for vulnerabilities in the site. Some of the tasks were easy; others took longer.

“They gave us some background material, but I still felt a little in the dark once we got there,” said Liv Dorak, Class of 2019, one of the Beanpot participants. “But I guess that’s what a real-life scenario would be like.”

The top three winners of the event earned $10,000 in scholarship money, but all the participants gained valuable—and hard-to-come-by—experience.

“Putting yourself in the shoes of someone who wants to hack your site is a great way to learn about how to prevent cybercrime and also how to respond to it,” said Dorak, who’s double majoring in Global Business and Information Systems.