In the first Cyber Bytes installment of 2024, Tracy Ross and Michael Ramage, Director of the Cyber Education and Research Center of Murray State University, discuss cyber security updates for the new year. Since the start of the Sounds Good series, Ramage says the state of cyber security has gotten worse due to the increased use of artificial intelligence to hack public institutions and consumers alike.
"It's gotten crazier, wackier, and it's almost to the point of being overwhelming," Ramage says. "The way that we're talking about it now is in a manner that it's just so commonplace." Ramage adds that while some institutions, like nonprofits, were typically excluded from these forms of attack, this is no longer the case. He referenced a nonprofit that sought to provide clean water to communities in need that was attacked by hackers, saying, "It felt like there were some areas off-limits. There is no area off-limits. That is what we're up against by now."
Ramage said to those listening to this conversation: "First of all, you can't be overwhelmed. It is very easy to be overwhelmed. Second, if you try to plan for the exact thing that's going to happen, you're probably going to miss the mark." Ramage says a holistic approach like GRC, governance risk compliance, is the best way to approach cyber security. This includes setting up strong, unique passwords, implementing user awareness training, and following governmental guidelines pertaining to your business. For example, HIPPA in the medical field, FERPA in education, the National Institute of Standards of Technology (NIST), and Special Information Operations (SIO).
"Policy is the least fun to deal with. But if you don't start with police, then you don't necessarily know what the rules are of even trying to stop," Ramage says. "We don't know those rules of engagement unless we lay them out in a policy."
"Our region is blessed to have a lot of these types of companies," Ramage continues. "There are organizations in our region that can help. You can reach out to me at ________, and I'll point you in the right direction. I don't monitor networks; I don't configure that. But I can certainly point you to the right people."
"The most important thing is, one, don't be overwhelmed. Two, realize that you probably don't need to do this yourself. Hire somebody who's a professional who knows what they're doing. In the long run, it's going to save your business money because you're going to stop that attack from happening versus trying to piecemeal it yourself and realizing you missed a major vulnerability that leaves you open to attack," Ramage concludes.
For more information on MSU's Cyber Education and Research Center, visit its website. Read the first installment of Cyber Bytes here.
