Mike Benz is the IT Director at Kraus-Anderson Construction Company and a graduate student in the University of Minnesota’s Master of Science in Security Technologies (MSST) program. Below, he shares his perspective on the most important challenges in IT security today.
- Why is cyber security especially important in 2017?
Cyber criminals are becoming more sophisticated and more successful every day. It is an extremely profitable crime and the risk of prosecution is very low. Some nation states and organized crime rings have rooms full of brilliant hackers who are methodically breaking into commercial/governmental networks stealing trade secrets, intercepting money transfers, blackmailing politicians, and scamming consumers.
- What are the top cyber threats facing corporations today?
More and more systems are being connected. Once a bad actor has access to one point of entry, they can often move throughout your systems at will, looking for valuable nuggets. Your iPhone, for instance, is connected to your email accounts, mobile banking application, company WiFi, eBay/Amazon accounts, Facebook, your phone calls and can pinpoint your location as you move around the world.
- How have these threats evolved over time?
The Internet of Things (IoT) is allowing you to access all sorts of devices for convenience (home thermostats, garage door openers, door locks, lighting dimmers, security cameras, refrigerators, roadway sensors, implantable medical devices and OnStar vehicle tracking)
- What are the biggest things you’ve learned so far from your time at the University of Minnesota’s Master of Science in Security Technologies (MSST) program?
A. The risks in the Healthcare industry are much greater than I had imagined. Healthcare is focused on providing the best care to their patients, putting their entire medical history at their providers’ fingertips. Healthcare, unlike Financial Services, has only recently considered that someone would want to break into their systems. One expert told me that “a large hospital can easily have 10,000 interconnected devices. These include patient monitors, infusion pumps, surgical robots, thermostats, X-ray machines, MRIs, CAT scanners, pharmacy dispensing machines, doctor/nurse PCs and iPads, security systems, parking systems, door locks, refrigerators, WiFi access points, billing systems, internal accounting systems and Coke machines. Vendors seldom built the devices with security in mind. Once you’re into one, it’s possible to get into everything else.
B. While your credit card number is worth a few dollars on the black market, your electronic medical record can be worth far more. If your credit card is stolen, a thief might be able to buy a couple things, somebody will notice, the bank will freeze your card and they’ll issue you a new credit card. If somebody gets a hold of your medical record, they have access to every doctor’s visit, test, prescription and procedure you’ve ever had. They know about your insurance policy, your bank account, social security number, employer information, family information and health risks. You can’t just change your name and start fresh. Criminals can use your information for fraudulent insurance claims, treatment fraud, drug diversion and discovering sensitive information about your health.
C. In many countries a person with an advanced degree in Math can earn $10,000/year as a high-school teacher. If they become a good hacker, they can earn $10,000 a week. The risks are low and the World is full of vulnerable people and computer systems.
Traust would like to thank Mike for sharing his knowledge. We look forward to learning more from Mike at his Traust Executive Roundtable presentation on January 17th, 2017.