The idea isn’t to make coders or tech experts out of everyone. The idea is to help small businesses shield themselves from disaster – in industry-specific ways – because it’s especially tough for them to recover from a security hack and its far-reaching repercussions.
“Who’s the lowest-hanging fruit out there?” said J. Michael “Mike” Bowman, state director of Delaware’s SBDC. “That’s what we don’t want small businesses to be.”
Aren’t small businesses too small to be a profitable target, as some believe?
“The reality is the exact opposite,” Eliot said. “Small businesses are easy targets and hackers are specifically looking at small businesses as an easy target to get to a larger fish.”
Through SBDC, small businesses in Delaware now have access to training that will help them develop strategies, skills and safer cyber practices, no matter what their business focus is.
Just as a storefront needs security, so does an online business. Insurers and lenders want a good security plan in place before issuing cybersecurity insurance or lines of credit.
“Whether you are in pharmaceuticals or baby clothing, there are security concerns with personally identifiable information, credit card information,” Eliot said. “Cyber is that sweet spot that touches every business…. No matter if you are a solo-preneur or a Fortune 500 company, you are vulnerable. There is no way to be 100 percent secure. What we’re talking about is making a reasonable effort.”
A new team of UD students now is offering cyber expertise to area businesses. It’s a free service to the five clients on the team’s list so far, but it’s likely a fee will be added as their work becomes known and demand increases.
“There is a very high demand for security services,” said David Geron-Neubauer, a senior computer science major, with a cybersecurity minor, from Wyncote, Pennsylvania, “especially in this day and age when we are seeing many more cyber attacks on major players such as Equifax, the Democratic National Committee, the WannaCry ransomware, the Wikileaks CIA vault – and those were all just this past year. Unfortunately many businesses think they have no reason to be targeted, don’t have the resources to pool into security, don’t know where to look for help, or are concerned about asking for it. Everybody needs to have security in mind. The majority of malactors will go for the easiest target.”
The team – known as GMSecurity – includes high-level UD computer science students at the undergraduate and graduate levels, many of whom have industry experience. All are skilled in assessing systems, developing protective processes and helping businesses take steps to strengthen security.
The team works under the direction of UD Assistant Professor Andrew Novocin, an expert in cryptography, who also leads the University’s Vertically Integrated Projects (VIP) program that links undergraduates with graduate students and faculty members to address a wide range of practical challenges. Some students in VIP’s “Crypto-Cloud” team are in training now and plan to join the cyber consultants in the spring semester.
The student-led team has expertise in encryption, malware detection and cleanup, password practices and data storage.
In addition to Geron-Neubauer, the core of the team now includes Teddy Katayama, a doctoral student from Virginia Beach, Virginia, with experience in network security, and two other senior undergraduates – John Roberts (management information systems), who has experience in software development, and Ryan Barbera (computer and information science), who has experience in full-stack web development, both of Newark, Delaware.
In their first visit to a client’s business, students talk with the owner or manager to learn about their concerns, get an inventory of the office computer network and how it operates. Later, they test systems and programs, looking for vulnerabilities and weaknesses that should be addressed. They work in confidence throughout the project, protecting data, proprietary and personally identifiable information. And they offer an intrusion detection system that can automatically notify the team when something happens that requires attention.
All of that requires a level of trust that the team’s association with Novocin and UD and its growing menu of cybersecurity programs helps to provide.
UD’s Cybersecurity Initiative has been designated a Center of Academic Excellence in Cybersecurity by the U.S Department of Homeland Security and the National Security Administration. UD offers an undergraduate minor in cyberscurity, a master’s degree, professional certification and other customized training opportunities.
“Everything in this realm is about trust,” Novocin said. “Ideally, we’ve got mechanisms in place where I don’t have to trust anybody for anything. But when you open a link in your email, if you see that it’s ‘google.com’ you trust it. Why? Like anything, it’s all about relationships. You tend to trust somebody if you understand their motivations, you understand their character and their culture. When somebody sits down and they understand what is motivating you, they will be more likely to trust you.”
UD also participates in several statewide cybersecurity efforts and Weir and Eliot both serve on a subcommittee of the Governor’s Cyber Security Advisory Council.
Elayne Starkey, who has a statewide view of cyber issues as chief information security officer for the Delaware Department of Technology and Information (DTI), sees UD as a pivotal part of a growing network committed to strengthening the state’s security.
“It’s not just about combating the threats we face every day – and there are many,” she said. “We’ve been thrilled to partner with the University of Delaware in training up the next generation of cybersecurity professionals. We have made such great strides and we all have a similar passion, whether it’s finding new tools to defend networks, training a new generation or making sure small businesses are equipped to build up their defense. We have found all kinds of opportunities to link arms and move forward together.
“You’ll never hear me say we’ve done all we can do,” Starkey said. “We have a mantra with my team – ‘this is a race with no finish line….’ The hackers just have to be right once. We have to be right all the time. So we never say we’ve got this covered. It just doesn’t work that way.
“But at the end of the day, we feel like we have a very deliberate plan…. We’re at a point in our progress where we’re hopeful.”
As he reviews the ever-changing cyber landscape, OEIP’s Weir agrees that the state is moving in the right direction.
“The partnerships between OEIP, DTI under the leadership of Elayne Starkey and James Collins, and UD’s Department of Electrical and Computer Engineering under the leadership of Chair Ken Barner and Professor Chase Cotton are of inestimable value,” he said. “With such a broad set of integrated capabilities, I believe as a state we are in the position to meet future cyber challenges with greater confidence, alignment and effectiveness.”
Those links strengthen everyone, Eliot said.
“It’s so important that we don’t work in silos,” he said. “That doesn’t help anyone. We have to work together to secure the small-business community, the individual citizens of the state and the state itself.”