The pandemic hasn’t stymied bad actors from attempting to infiltrate software and operating systems. A UNC expert on cybersecurity says the more things change the more they stay the same when it comes to defending against malicious attacks.
“This is not the time to let our guard down,” said Burkhard Englert, dean of the College of Natural and Health Sciences. “The assumption is hackers have more time on their hands, and everything we are doing is online now.”
Englert has watched the field of cybersecurity evolve, teaching computer information sciences in the infancy of cybersecurity and hiring some of the first faculty to teach courses. Then, it was still a new frontier, as software developments generally outpaced and overshadowed the “crucial” work to address security.
Today, there are much more intentional efforts. Even though cybersecurity operates mostly behind the scenes, it’s no longer an afterthought. Englert points to UNC’s own efforts, as an example, with spam protection in place, multifactor identification, and awareness campaigns to fight the malicious attempts.
“I’m impressed by what the university is doing,” Englert said. “The software we’re using to cut down on spam is quite sophisticated. A strong filter like this to intercept and quarantine unwanted emails is needed.”
Still, even as tech companies think through and address the many possible scenarios, hackers spend copious amounts of time to identify and exploit what Englert refers to as loopholes to gain unauthorized access. Companies issue updates to close loopholes when they are discovered. That’s why Englert says one of the most important things you can do is to update your software and operating system.
“They’re devious,” Englert said of these groups. “They find loopholes we didn’t know about until they expose it, and by identifying it, we can take care of it to close it.”
In that sense, Englert said it’s a race, often starting one step behind and chasing the criminals who are exposing chinks in the armor. Initiatives such as so-called hackathons that bring together technical savvy people to intentionally find holes in systems and that have gained a toehold are “very important” to patch a loophole before it wreaks havoc.
“Companies respond as quickly as possible to limit the damage when loopholes are discovered, and for good reason. Waiting too long is not just embarrassing from a reputational standpoint. Delays can also destroy a company, risking revenues and profit loss and investors walking away.”
A mathematician with expertise in theory and application, which drew him into the field of computer science, Englert says companies will have to continue engaging in predictive analysis and studying data analytics from computer programs to locate loopholes and limit the ones that make it out in the wild.
“Cybersecurity has really improved in the past 10 to 15 years,” Englert said. “While the process will never be perfect, the closer we can get to 100 percent secure systems, the better.”
Learn more about UNC's Cybersecurity
—Written by Nate Haas