David Hird is Head of Security, Standards and Compliance at La Trobe University. His role includes overseeing information security for the University, including security policies. David explains the implications of cybersecurity and cyberwarfare, and tells us how La Trobe’s new suite of Master of Cybersecurity programs can help win that war.
Cybercrime is increasingly mature and available to many. On the dark net, you can pay for services with a stolen credit card or bitcoins. You can buy a distributed denial of service attack – as a service – or malware customised for your needs. It’s a growing industry, ridiculously cheap in many cases.
There’s a lot at stake. People are after financial information, but if you want to get really destructive, there’s corporate hacking. You can modify information and not leave a trace.
That has massive implications because a company might rely on incorrect information. People will make decisions based on that, with major financial implications.
The ramifications of a large-scale cyberattack affect all areas of business, because everything relies on the net. In a cyberattack, millions of dollars can be lost from e-commerce. Also, you could take out a security system or an alarm system and use that to mask a physical attack.
Governments are taking a serious interest in cyberwarfare. They’re amplifying their capabilities because they realise they’re vulnerable.
Denial of service attacks are very serious and can take down significant parts of the internet. If you can take out the world’s core DNS services, you’ve destroyed the net.
Australia, for example, has undersea cables with a certain bandwidth. When you try to put more traffic down the pipe than it can take, then you’re performing a denial of service attack. At a conference once, I saw a proof of concept for mass attacks that would basically swamp a country’s network links.
People: the weakest link
Some of the largest cyberthreats involve phishing attacks. They’re very difficult to defend against because they’re aimed at people. It’s difficult to distinguish a phishing email from a real email. A person, if experienced and careful enough, could pick it up but that’s hard to do with software.
Education is a big part of the story: we need to educate users so they’re more aware of cybercrime.
People are very trusting. If you see a USB stick on the ground, you might think, ‘Oh good, I’ll plug it in.’ But it could contain malware that zaps your computer and destroys it completely.
Insider hacking is another threat: the hacking of a business by its employees. Of course, you need to be able to trust your people, but you also need to temper that trust by being aware of what they’re doing, with proper segregation of duties so no one has all the keys. You need to be able to control access to data so that only the correct people have access to it, and you need to manage the integrity of the data to ensure it doesn’t change.
The cybersecurity industry needs people from all walks of life, from coders to psychologists. You need to be able to find the root cause of issues.
People skills are extremely important. Cybersecurity experts need to be able to read people, to understand motivations while also understanding the weaknesses in systems.
Cybersecurity is about confidentiality, integrity and access.
Welcome to La Trobe
There aren’t enough qualifications in cybersecurity. Companies don’t know who’s qualified and who isn’t, and it’s very difficult for them to trust the person they’re employing. Even the major security players find it hard to get skilled staff – and they pay a lot of money.
La Trobe’s suite of Master of Cybersecurity programs ensure graduates are properly trained and ready to be employed.
The course was designed with the input of our industry partners, and that’s vital. Our partners have the experience: they’ve seen it all before and they know what’s required.
The course is not strictly an academic exercise – it’s practical. You need to know what’s out there and the Master of Cybersecurity industry partners certainly do.
Choose from three streams in our suite of Master of Cybersecurity programs, and match your interests to industry demand:
- Master of Cybersecurity (Computer Science) – learn to think like a hacker to better detect, deter and respond to cybersecurity threats
- Master of Cybersecurity (Business Operations) – use analytics and risk management processes to bridge the technical IT functions with the broader business cyber strategy
- Master of Cybersecurity (Law) – be at the forefront of defence against cybercrime and explore the emerging legal challenges created by the networked world