Cybercriminals aren’t hobbyists: Cybercrime is a business that uses sophisticated technology, including artificial intelligence, to automate profit-making. It’s a big business, too. Bad actors rake in about $1.5 trillion a year, according to a study from the U.K.’s University of Surrey earlier this year.
But there is some good news. Colleges can avoid becoming targets by raising the cost and complexity for hackers, reducing their return on investment.
“While there are AI tools that cybercriminals can use, there’s a cost to that in connectivity, storage and power,” says Michael Suby, vice president of research at Stratecast. “Either they have to find a way to steal that and not be detected, or they have to pay.”
Institutions can also fight fire with fire, using hackers’ tools against them. But while machine learning could help fix vulnerabilities and analyze user behavior to develop ideal security settings, for example, it’s also important to build security into systems from the start.
At the University of California, San Diego, the newly created Halıcıoğlu Data Science Institute aims to explore the scientific foundations of data science. Yoav Freund, a professor at the Jacobs School of Engineering and an HDSI adviser, says organizations must use people and computing power in concert. Computers can detect suspicious data, but only humans have the agency to act on it.
That means staff and students must understand both threats and solutions. “The main thing is really education,” says Freund. “Educate kids that these things are out there and educate them in terms of the tools they can use to verify what is fake and what is real.”
Here’s some more advice from the experts.
Practice Good Cybersecurity Hygiene
“The security for many enterprises is considerably worse than you’d think,” says Deian Stefan, who’s also a professor at UCSD’s engineering school and an HDSI adviser.
That means every institution likely has room to tighten its environments, resources, storage, networking and monitoring. “Make sure to fence your applications and your resources to be sure they’re only being used for proper activity,” Suby says. That will prevent resource leakage and make sure that attackers don’t have greater capabilities than legitimate users.
Monitor Usage of Cloud Platforms on Campus
In addition to the many commercial tools that monitor server and network usage, cloud platforms offer monitoring capabilities that can reduce the risk of malicious use of resources. In addition enterprise-level implementation, IT staff can work to raise awareness of these capabilities among staff and students who choose their own cloud-based productivity tools.
Use a Secure Runtime Monitor
Be sure to choose a secure solution that lets you specify security policies. “Even if you get compromised, the runtime monitor ensures that the attacker can’t reach your data,” Stefan says.
Eventually, machine learning will perform tasks such as evaluating user-application interactions to set session durations accordingly, limiting the window of opportunity for cybercriminals, Suby says. And, as the IT community becomes more aware of resources and gets better at monitoring them, it will be harder for criminals to steal them.
“If you step back and ask, ‘How do we do this right? How do we invest time and money into solving the problems?’ there’s a payoff,” says Stefan.