Cybersecurity Certificate Offers Essential Skillset Amid Escalating (and Increasingly Creative) Cybercrime
It starts innocently enough. An employee receives an email that appears to be from a company superior attending a professional conference, asking them to click a link and upload an important presentation to the conference website. It feels urgent. The boss is in a bind. The employee clicks on the link, inadvertently installing vicious malware to the company’s network.
Piedmont Technical College’s (PTC) cybersecurity curriculum is teaching the future computer technology workforce to combat these types of attacks and more.
“Even though we were talking about cybersecurity issues, even though they’d been taught not to reveal things like Social Security Numbers, a lot of new students in a class exercise, when asked to provide their last name and the last four digits of their SSN, actually did it,” said Coronicca Oliver, interim program director for computer technology at PTC. “It’s called ‘social engineering,’ and it’s such a big thing.”
Manipulating our human tendency to trust, cybercriminals use all manner of social engineering tactics to gain access to information systems and wreak havoc that costs businesses an estimated $1.7 billion annually through creatively compromised emails alone. Most recently, in the wake of the Colonial Pipeline ransomware attack earlier this year, other forms of costly cybercrime have come to light. There were an estimated 65,000 ransomware attacks last year in the United States. Data breaches also may be enabled by stolen credentials obtained through phishing and malware attacks. In addition to the immediate financial cost of such breaches, there are pass-along costs that include loss of productivity, legal action brought by affected customers, a tarnished business reputation, and the costs of new security resources and training.
In response to an uptick in cybersecurity incidents, PTC began offering the Cybersecurity Certificate in 2017. Shortly before that, the Georgia Cyber Center in Augusta was established. The Center is a sprawling cybersecurity education, training, collaboration, research and development facility where soon PTC students will have an opportunity to visit after Covid restrictions have been lifted.
“I think one reason our leadership really drove us to create this program was because of the big center in Georgia,” Oliver said. “Cybersecurity today is a major concern of any industry. In the past, there was a lack of security measures. No one thought about it. Then Covid happened, and more people were online, and they got hacked. Zoom had to add security features because of that. Sometimes people don’t think about it until something happens.”
To specialize in cybersecurity, Oliver says, individuals need to be well-rounded with knowledge of many different areas of computer technology because all the parts comprise the whole that needs protecting.
“We tell our students that ‘programming’ is software; ‘networking’ is how you connect to that software; and ‘cybersecurity’ ensures that what you put in cannot be hacked or manipulated,” she said. “All of these components must work together.”
Historical perspective provides insights to system weaknesses today.
“At first, many years ago, security was linked with physical access. If you could physically get your hands on a computer or networking device, you would have free reign to do anything,” PTC Computer Technology Instructor Henry Ecker explained. “If you could restrict access to the hardware, you were protected. Things changed when computers got more networked and data became more portable.”
Another factor beyond rapidly increasing data portability was the size of the networks.
“When the internet started, there was a set number of devices,” Ecker continued. “You knew everybody on the network because it was very, very small. That is not the case now with billions of devices. So they introduced user names and passwords to better control access.”
For social engineering to work, perpetrators gradually establish trust, targeting the most vulnerable users, many of whom are those who did not grow up with the internet.
“On the corporate side, you have the people who are not versed in technology. A lot of people who fall victim are from an era when, if you couldn’t get in the room or access the physical equipment, then you were OK. It’s an attack on knowledge,” he said. “It’s very much akin to spying. The perpetrator is gaining trust, establishing a relationship, and when they ask for something, it doesn’t raise alarm bells.”
Ecker noted that knowledge and training combat security breaches pretty well. Sometimes an under-educated employee will see something and not question it because they don’t recognize it as suspicious.
Oliver says students who receive their Cybersecurity Certificate often can find immediate employment at a company’s help desk, and many continue their education, sometimes pursuing an associate in computer technology. Examples of entry-level positions for those holding Cybersecurity Certificates include security analyst, junior network administrator, and IT support technician. In addition to the Cybersecurity Certificate, PTC also offers an associate in applied science degree with cybersecurity concentration.
“Working on the help desk, they learn a lot about how the company works,” she said. “They are exposed to a wide variety of problem-solving scenarios. Then they are able to advance to the things that they love.”
“The technology changes on the fly. What’s secure today, in just 32 hours can become completely obsolete. You have to constantly keep up,” said Chris Amey, a 2019 graduate of the program now working for a software company in Charleston. “I think they have done a fantastic job with this program. The material is really hands-on. You see how to do it and do it for yourself in a controlled environment.”
The profile of cybersecurity training has expanded significantly in recent years, yet some companies actually choose to be less secure simply to make life easier. Ecker says companies actually do cost analyses to justify less-intrusive policies.
“The more secure something is, the more annoying it is to use,” he said. “Sometimes we risk security in favor of increased accessibility and convenience.” Nonetheless, cybersecurity professionals are more necessary than ever in order to keep up with new strategies by bad actors and maintain a balanced infrastructure for information security.
For more information about PTC’s Computer Technology Program, including the Cybersecurity Certificate, please visit www.ptc.edu/computer.
- Coronicca Oliver, interim program director for computer technology at PTC
- Cybersecurity Program Instructor Henry Ecker