Cyber attacks, iden­tity theft, credit card breaches, and com­puter viruses are some of the haz­ards asso­ci­ated with travel along the infor­ma­tion superhighway.Information secu­rity is an urgent and ongoing con­cern for busi­nesses and indi­vid­uals alike. Themis Papa­george, director of North­eastern University’s infor­ma­tion assur­ance pro­gram, assesses the real risk asso­ci­ated with cyber threats, and offers advice on how to make our vir­tual jour­neys a little safer and more secure.

A recent survey of 600 infor­ma­tion tech­nology (IT) exec­u­tives in 14 coun­tries found that many believe that Internet secu­rity is a growing threat to society. Why is this the case?
The number of cyber attacks has been increasing very quickly over the past 10 years due to the growing number of wire­less and dig­ital devices that people use in their daily lives. The impact of these attacks, from credit card theft to banking fraud, now affects the gen­eral public as well as large com­pa­nies and gov­ern­ment agen­cies. This accounts for annual losses totaling hun­dreds of mil­lions dol­lars and threatens national security.

Since so many crit­ical and highly sen­si­tive indus­tries, such as energy and banking, are using Web-​​based tech­nolo­gies, what infra­struc­ture is nec­es­sary to keep pro­pri­etary infor­ma­tion safe?
The infra­struc­ture must com­bine cyber defense tech­nology with soci­etal aware­ness and edu­ca­tion. People are behind these attacks. We need to edu­cate and train IT pro­fes­sionals to use the best prac­tices and tech­nolo­gies that are avail­able to defend against cyber attacks. The gen­eral public also needs to be alert to poten­tial attacks.
Since this is an inter­na­tional phe­nom­enon, we need to col­lab­o­rate and create a more com­pre­hen­sive tech­nical and legal frame­work to counter Internet secu­rity threats.

How exten­sive were the cyber attacks on Google in China?
Based on Google’s public state­ments, the cyber attacks were deep and wide­spread. The attackers were able to pen­e­trate Google’s sophis­ti­cated defenses, resulting in the theft of Google’s intel­lec­tual prop­erty and hun­dreds of thou­sands com­pro­mised e-​​mail accounts. In addi­tion, Google iden­ti­fied at least 20 other com­pa­nies that suf­fered Internet secu­rity breaches as a result of the same cyber attack.

If Google decides to leave China, how would that affect how infor­ma­tion is shared to and from China over the Internet?
I think the impact will be sig­nif­i­cant, at least in the short term. From a busi­ness per­spec­tive it will take some time replace the ser­vice that Google pro­vides, quoted at $600 mil­lion each year. From a tech­nical point of view, Chi­nese and inter­na­tional com­pa­nies that would step in to pro­vide this ser­vice will have to put addi­tional cyber defenses in place to thwart the next attack. In terms of U.S.-China rela­tions, both gov­ern­ments have expressed very dif­ferent views on this inci­dent, which if not resolved, could restrict infor­ma­tion sharing.

How will stu­dents enrolled in Northeastern’s Infor­ma­tion Assur­ance (IA) pro­gram be pre­pared to solve these prob­lems?
The pro­gram trains stu­dents to become effec­tive IA pro­fes­sionals and future chief secu­rity offi­cers. Our stu­dents have tech­nical or social sci­ence back­grounds that enable them to iden­tify vul­ner­a­bil­i­ties and put tech­nical coun­ter­mea­sures and poli­cies in place to pro­tect and defend orga­ni­za­tions from Internet secu­rity threats. In addi­tion, IA stu­dents grad­uate with both aca­d­emic and busi­ness expe­ri­ence through expe­ri­en­tial oppor­tu­ni­ties, better preparing them to meet real-​​world challenges.

How can the gen­eral public help pro­tect infor­ma­tion shared over the World Wide Web and other inter­ac­tive com­mu­ni­ca­tions chan­nels?
The gen­eral public can help pro­tect their pro­pri­etary infor­ma­tion by learning more about Internet secu­rity threats and using the avail­able tools to make Internet access more secure.
If you have access to a vir­tual pri­vate net­work, which adds an extra layer of secu­rity, I would sug­gest using it. If you are accessing your bank account online, look for the URL to read “https,” not “http,” as the “https” des­ig­nates that the infor­ma­tion is secured by encryp­tion. For e-​​mail com­mu­ni­ca­tion, it is better not to open an e-​​mail or an attach­ment if you do not know the sender. Above all, edu­cate your­self and be aware that “bad guys” are trying to breach Internet secu­rity mea­sures every day, 24 hours a day, 365 days a year.