Dakota State University students walking around campus

Preparation + opportunity = success

That's the DSU equation. We're a four-year university with nationally recognized programs, cutting-edge facilities, and the brightest thinkers. But we're also a tight-knit, inclusive community. Small class sizes mean hands-on training and individualized attention. All this with an affordable, public school price that's among the best values in the region.

Majors & Degrees

Women Reshaping The Cybersecurity Industry

May 3, 2023

This article by David Leichner was published on medium.com on May 2, 2023.

T
he cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series, we had the pleasure of interviewing Dr. Ashley Podhradsky.
  • Reduced Computer Performance: If your computer is running considerably slower than usual, it could be a sign that it has been infected with malware. Malware uses an abundance of system resources that can cause your computer to become sluggish and unresponsive.
  • Unusual Account Activity: If you notice that your email or social media accounts are showing signs of unusual activity, like unrecognized logins, changes to account information, or messages being sent from your account, it could be a sign that it has been compromised. To protect against this, ensure you are using two-factor authentication or multi-factor authentication on all your accounts. A password manager is a helpful tool, too.
  • Suspicious Emails or Messages: If you receive an unexpected email or message, especially from someone you don’t know, it could be a phishing attempt. Phishing is a type of social engineering attack where the attacker tries to trick you into revealing sensitive information, such as your login credentials or financial information. Remember, your mobile devices are also susceptible.
  • Containment: The first step is to contain the breach and prevent further damage. This involves isolating the impacted systems or networks, disabling compromised accounts, or taking other steps to prevent the attacker from accessing or exfiltrating additional data. Companies should be aware of the data breach notification laws in their state and report the incident to authorities and their state’s consumer protection office.
  • Eradication: Companies should investigate the breach to determine the extent of the damage and identify the root cause. This can be accomplished internally or with the help of external partners. Investigations can help with remediation efforts and may also be necessary to comply with breach notification requirements. If companies have cybersecurity insurance, they should contact the provider once they have confirmed an incident. Insurance providers may also require certain conditions to satisfy their policy requirements.
  • Recovery: Companies should also take steps to improve their security controls to prevent future breaches. This could involve implementing additional security measures, such as multi-factor authentication or encryption, conducting regular security audits and risk assessments, and providing ongoing cybersecurity training for employees.
  • Learn from the Breach: Finally, companies should take the opportunity to learn from the breach and use it as a teachable moment to improve their overall cybersecurity posture. This may involve conducting post-incident reviews, identifying areas for improvement, and implementing changes to prevent future incidents from occurring.
  • Using Default or Weak Passwords: Many companies make the mistake of using default or weak passwords for their accounts and systems. This can make it easy for attackers to gain unauthorized access and compromise sensitive data all through a simple Google search for default passwords. To mitigate this risk, companies should implement strong password policies, such as requiring complex passwords and enforcing regular password changes. Adopting a company-wide password management tool is also a helpful strategy.
  • Forgetting to Remove Accounts with Turnover: Employee turnover is common, and companies must remove accounts and access privileges for employees who have left the organization in a timely manner. Failing to do so creates an opportunity for attackers to gain unauthorized access. Companies should establish a formal account management process that includes regular reviews of access privileges and the removal of unnecessary accounts.
  • Not Keeping Systems Patched and Updated: Many companies may fail to keep their systems and software current with the latest security patches and updates. This can leave them vulnerable to known vulnerabilities that attackers can exploit. Implementing a robust patch management program that includes regular patching and testing of critical systems is the most effective way for companies to maintain secure systems.
  • Overlooking Vulnerabilities with Remote Access: Companies may also overlook the security risks associated with remote access, such as through VPNs or RDP. To mitigate this risk, companies should implement strong authentication and access control measures for remote access, such as multi-factor authentication and network segmentation. Allowing necessary access is fine, but they should ensure they are logging access to monitor for unusual or atypical patterns. Additionally, since vendors often require temporary access for setting up systems, companies should ensure that access is removed when it is no longer necessary.
  • Not Prioritizing Employee Cybersecurity Training: Companies may fail to provide foundational cybersecurity training and awareness programs for their employees. This can leave employees vulnerable to social engineering attacks and other types of phishing attempts. Regular employee cybersecurity training is critical for raising awareness about the latest threats and attack techniques.
  1. Communication: Effective communication is important for building relationships, establishing trust, and coordinating efforts to detect and respond to threats. Strong communication skills help convey timely and accurate information to best support an organization’s cybersecurity posture.
  2. Teamwork: In the cybersecurity industry, effective collaboration with different stakeholders is key, including colleagues from different departments, clients, and vendors,. Developing collaboration skills can help with relationship-building and teamwork, which are essential for tackling challenging cybersecurity issues.
  3. Curiosity: In cybersecurity investigations, there are few things better than a curious and inquisitive mindset. This way of thinking helps professionals stay ahead of potential threats and vulnerabilities, find the data they are seeking, encourage life-long learning, and help with problem-solving.
  4. Hands-on Experience: There is no substitute for experience in cybersecurity. Experience helps professionals develop technical skills, problem-solving abilities, and an understanding of real-world threats and vulnerabilities.
  5. Perspective: There are many things in the cybersecurity field that can cause angst and stress. Successful cybersecurity professionals must remember to be calm, maintain focus, and make effective decisions.