Identity theft. Data breaches. Imposter profiles. Fake news. These topics are just a few of the major security threats that have become part of our day-to-day conversation and, with new breaches making headlines nearly every day, there seems to be no end in sight. But experts in the Florida High Tech Corridor are digging into the human elements of cybersecurity – from fresh takes on development and training of tomorrow’s workforce to gaining a better understanding of why people hack – to battle and prevent the threats that abound in our digital world.


Navigating the Vulnerability of Connectivity

From watches to smart buildings, more than 26 billion devices will be connected to the Internet of Things (IoT) this year, feeding data about people’s habits and movements to databases around the world. As organizations often lack direct control in the manufacturing of hardware and software being utilized by these connected devices, IoT breaches have been a reality for years, with the first recorded attack on utility systems dating back to 2011.

Of course, these breaches don’t always come in the form of large-scale external attacks. Even the smallest security flaw can lead to major problems for technology conglomerates. Apple’s recent FaceTime glitch is a perfect example; as The New York Times pointed out, “A bug this easy to exploit is every company’s worst security nightmare … and every cybercriminal’s dream.” With potential privacy breaches literally at our fingertips, it should come as no surprise that approximately 80 percent of consumers lack trust in IoT devices to protect their data or privacy.

Organizations recognize this vulnerability, as well as the potential to lose public trust and millions of dollars at the hands of a data breach, and are investing accordingly at unprecedented rates. A recent Gartner survey predicts the $1.5 billion dedicated to cybersecurity protection in 2018 will more than double by 2021.

But, what exactly are companies looking to invest in?

Often, investments are focused on technology improvements for real-time adaptive protection, management, assessment and testing. Given the dizzyingly rapid evolution of technology, however, the answer might lie in a more constant component linking the defensive and offensive lines of the cybersecurity battle – the humans behind the attacks and those guarding against them.

Above: Researchers from the UCF Complex Adaptive Systems Laboratory are creating cognitive cybersecurity profiles based on unique behavioral clues.


A Personal Approach to Cybersecurity

“When you take a closer look, people are at the heart of cybersecurity. The human element is so important because, in so many facets of security, we are the weak link,” said Yan Solihin, Ph.D., director of the University of Central Florida (UCF) Cybersecurity and Privacy Cluster. “From undertrained employees to internal and external malicious threats, companies have so many opportunities to expose data without even realizing it.”

The cluster focuses on security and privacy as a social-technical system. By integrating the technical and human aspects of cybersecurity, Solihin and his team are preparing faculty and students to keep up with the ebbs and flows of this dynamic sector.

UCF is also in the process of establishing a dedicated Master of Science degree in Cybersecurity and Privacy ­– with some courses among the first of their kind at the graduate level – that will focus on the hard skills needed to protect increasingly advanced computational systems. “In the past, security could be viewed as simple communication between two computers,” Solihin noted. “As technology advances and humans adapt, we have to be prepared for socially engineered attacks and equip our workforce with the skills to thwart advanced compromises to larger and more complex operational systems.”

Ivan Garibay, Ph.D., assistant professor at the UCF Department of Industrial Engineering and Management Systems, is spearheading another human-centric approach to cybersecurity. Through The Corridor’s Matching Grants Research Program, Garibay and his team are leveraging algorithms to create and seek out legitimate users’ “cognitive cybersecurity profiles” based on their unique behavioral clues. A variety of one-of-a-kind, identifiers – including typing patterns, preferred bank transfer methods and pressure typically applied to a keypad – can be used to detect fraud each time login credentials are used.

“We live in an age where information is being weaponized. Regardless of industry, organizations have data at their disposal and that automatically makes them a target,” said Garibay. “By assessing big data on a very personal level, we’re working to put ‘faces’ to the names of consumers and weed out imposters that are trying to work their way in.”

By helping organizations recognize abnormalities, Garibay’s team is helping safeguard the data that has been woven into the fabric of our daily lives. “It has quickly become the backbone of our society,” he added. “We need to protect our information in the same way we protect our supplies of water and electricity.”

Above: ReliaQuest, headquartered in Tampa, aims to deliver exceptional cyber security services and invests in training its workforce accordingly.


Preparing Tomorrow’s Defensive Line

The Corridor region is primed to develop a strong workforce, with nearly 100 cybersecurity certificate and degree programs currently offered across the state of Florida. And, as the understanding of security risks continues to intensify across all industries, there is a growing need for cyber-savvy professionals. However, a recent report predicts a gap between industry needs and a viable workforce to the tune of 3.5 million unfilled cybersecurity jobs by 2021.

The definition of the “ideal hire” will vary from one company to the next, but one organization within The Corridor is taking a different approach to attracting, grooming and motivating the talent pool it needs.

“Our industry has a responsibility to provide continued, specified training and development,” said Brian Murphy, CEO of ReliaQuest, a cybersecurity firm headquartered in Tampa. ReliaQuest boasts an intensive training program for new hires, which undoubtedly contributes to the company’s 90 percent average three-year employee retention rate.

Recognizing the fact that there is an educated talent pool at the ready, Murphy notes that the primary issue companies face with bringing new hires up to speed is addressing the skills transfer gap. To meet that need, ReliaQuest’s intensive onboarding training is designed to shorten the learning curve for employees, using hands-on simulations based on real-life situations new hires are likely to face in their work with the company’s hundreds of Fortune 1,000 customers. In less than six weeks, ReliaQuest employees learn the hard and soft skills needed to succeed – a process that can take up to 14 months at companies where on-the-job observance serves as the primary source of training.

Murphy firmly believes cybersecurity is a team sport and says companies in The Corridor are fortunate to partner with strong, forward-thinking universities. His company recently gifted $1 million to the University of South Florida – home of CyberFlorida – where a team of ReliaQuest technical designers will help design and teach a cybersecurity course using real-world simulations. “We look forward to giving back to the university system that has paved the way for many of our incredible team members,” Murphy said. Efforts like this will help broaden the path for the next wave of cybersecurity professionals, as well. Keeping sights set on the next generation of potential recruits, ReliaQuest has promised job interviews to the first class of 31 graduates.

Above: The Florida Institute for Cybersecurity Research works to advance cybersecurity as a basis for long-term partnership and collaboration among industry, academia and government.


Facing the Future

At the Florida Institute for Cybersecurity (FICS Research), Director Mark Tehranipoor, Ph.D., just wrapped the institute’s fourth annual conference, which provides a unique forum for industry, government and academia cybersecurity experts to share their visions, ideas and innovative solutions for the future of the sector.

“Our annual conference allows academia and industry to come together to discuss the latest challenges in cybersecurity,” Tehranipoor said. “We lay the foundation for cross-pollination of ideas and a more collaborative, partnership-style approach to addressing issues we’re currently facing and preparing for what’s to come.”

The conference also provides FICS Research students the opportunity to share poster presentations and meet with potential future employers. To prepare their students for success in a sector that is unpredictable by nature, Tehranipoor and his team have instituted a set of unique courses that bring real-world experience into the classroom.

“With how quickly cybersecurity attacks are advancing, we place a strong focus on studying breaches and hacks that are currently taking place,” said Tehranipoor. “We essentially ask our students to take on the role of an investigative journalist, asking what happened, why did it happen and what could have been done to prevent it.”

Many of FICS Research’s programs and courses are offered online, opening the door to continued education for post-grad professionals throughout The Corridor region and beyond. As professionals in the field continue to realize the need for ongoing cybersecurity training in the workplace, the institute is preparing to meet that need with a program that would allow Tehranipoor and his team to offer customized educational workshops to businesses across the state. Each would be tailored to the business’ individual needs or a specific problem they face.

While Tehranipoor acknowledges the importance of preparing tomorrow’s workforce and developing resources for those already in the field, he believes the future of the cybersecurity sector will be determined by how experts, businesses and consumers wield the power of artificial intelligence (AI).

As AI continues to integrate into the consumer landscape – from chatbots to personal assistants and other smart devices – businesses are striving to keep up with the hype cycle and are rolling out machine-learning-based products more quickly than ever before to meet increasingly modern expectations. But, according to Tehranipoor, those businesses will continue to expose themselves and their customers to cyber threats until they regain control of the unpredictable electronics supply chain relied upon for the development of these next-gen devices.

“When you purchase and open a tablet device, you have no idea who – or what – has touched it,” Tehranipoor pointed out. “As it currently stands, there are so many potential vulnerabilities in the supply chain; it has become the gift that keeps on giving for cybercriminals.”

For businesses to safeguard themselves and their consumers against the vast number of touchpoints available in the production of a single device, Tehranipoor’s advice is to circle back to “square one” in the process – the one opportunity businesses have to ensure security measures are in place – and “take an intentional and proactive approach to design with security in mind.”

“By taking the time to design an IoT device with integrated security mechanisms – like monitors, special sensors or encryption engines – you can verify the device’s authenticity and integrity once it has been manufactured,” he said. “Building in these ‘security questions’ for the device will provide you with concrete evidence that the device is solid and better guard your customers from potential threats down the road.”

As new advancements are made every day, both for and against the security of the ever-expanding IoT grid, the world’s tech-driven future will continue to rest on the backs of those leading the charge in the battle for digital defense. And, as technologists in The Corridor continue to advance their understanding of the competition and prepare the next wave of defensive experts, they will continue to gain ground in their fight for the safety of business and consumers, both in the U.S. and abroad.

A regional economic development initiative of: