Experts talk cyberattacks on business, lead live ‘hack’

Three  live ‘”hack” demonstrations showed the audience how easy hackers can access sensitive information – and how folks can use tools to avoid having their devices hacked. The demonstrations were conducted by (from left to right): Selcuk Uluagac, assistant professor at the College of Engineering & Computing and director of the Cyber-Physical Systems Security Lab, and doctoral students Amit Kumar Sikder, Leonardo Babun and Abbas Acar.

With cyberattacks increasingly targeting consumers shopping online, private businesses and public organizations, the cyber world – and its vulnerabilities – are a major topic of concern for many.

A group of cybersecurity experts recently gathered at FIU to discuss the topic and share knowledge about best practices. The conference was hosted by FIU, the U.S Chamber of Commerce, the Florida Small Business Development Center Network and the Greater Miami Chamber of Commerce.

Panels covered topics ranging from security of smart cities and homeland security to an often-overlooked topic: managing the risk of insecurity in businesses.

Businesses at Risk

According to Brian Fonseca, director of FIU’s Jack D. Gordon Institute for Public Policy – part of the Steven J. Green School of International and Public Affairs – the growing threat of cyberattacks is important for CEOs to recognize and be vigilant about.

Any person in an organization clicking on a malicious link in one email can cause hackers to access sensitive information and could potentially cause devastating financial losses for the entire company.

The conference featured a panel discussion on the cybersecurity risks businesses face everyday. From left to right: Ian Wallace, co-director of Cybersecurity Initiative for New America; Ray Guzman, CEO for Information Security International; Cynthia Camacho, community relations executive for Global Resilience Federation; and Brian Fonseca, director of the Jack D. Gordon Institute for Public Policy at FIU’s Steven J. Green School of International and Public Affairs.

The best way to combat this, Fonseca said, is through creating an organizational culture in which everyone develops cyber hygiene – practical knowledge that will help people have a healthy and secure digital lifestyle.

During the discussion, Ray Guzman, CEO of Information Security (iSEC) International, stressed the importance of training and going back to school for IT individuals and others in the field – and how this can impact a company’s awareness and protection.

FIU is already playing a key role in disseminating that knowledge.

“The work we do with our students is very important,” Fonseca said.

The Gordon Institute in collaboration with the College of Business offers a two-day executive certificate on cybersecurity leadership and strategy. Likewise, the Gordon Institute partners with units such as the Division of Information Technology and the Department of Electrical and Computer Engineering to host workshops on cybersecurity topics open to all students.

“We want all our students to walk out these doors with a core competency of cybersecurity,” Fonseca said. “Students are hungry for this [knowledge]. We believe cybersecurity in higher education is not vertical, but a core competency. And a core competency that can be interdisciplinary.”

The “Hack”

As part of the event, Selcuk Uluagac, assistant professor at the College of Engineering & Computing and director of the Cyber-Physical Systems Security Lab, led three cybersecurity demonstrations. Joined by doctoral students Amit Kumar Sikder, Leonardo Babun and Abbas Acar, the team showed how hackers can abuse smart devices.

In the first demonstration, Sikder showed a sensor-based attack using a smartwatch and a smartphone; he discussed how current malware tools or protection mechanisms do not recognize threats in malicious apps and how information can be leaked by sensors found in smart devices from one device to another. Hackers can use specific light patterns to hack into smart devices and obtain banking information, social media passwords and more.

Another demonstration by Babun, showed how SaINT, an analysis tool, can detect when sensitive information from Internet of Things (IoT) applications such as smart locks, smart bulbs and smart switches can be leaked. The best part is that the tool can be used by anyone, even those without programming experience.

The final presentation by Acar, demonstrated how motion sensors on wearable smart devices can act to support continuous authentication – a method that can continuously verify the identity of the user throughout the time a user is accessing a network or using an application. The motion sensors on wearable smart devices can record the pattern and the way a user types on the keyboard to ensure the user is the real user and not a hacker.

“Did you know 76 percent of people share their passwords with family members, and 22 percent share them with co-workers?” Uluagac asked. “One-time login process in traditional authentication systems does not guarantee the identified user is the actual user throughout the login session. Continuous authentication is the answer.”

The projects presented during these live cybersecurity demonstrations at the 2017 Florida Cybersecurity Conference were funded by the National Science Foundation (NSF).

– By Gisela Valencia and Diana Hernandez-Alende