Cybersecurity

Mitigating Cybersecurity Threats and Preparing for a Quantum-Driven Landscape

zqureshi — Mon, 23 Jun 2025 16:08:27 +0000

Mitigating Cybersecurity Threats and Preparing for a Quantum-Driven Landscape zqureshi June 23, 2025

Our digital lives are built on the promise of protected secrets. Every online transaction, personal file, and secure communication depends on complex encryption algorithms to keep that data safe from unintended exposure. For decades, the classic cryptographic algorithms known as Rivest–Shamir–Adleman (RSA), Digital signature algorithm (DSA), and Elliptic curve cryptography (ECC) have served as the most common and useful digital guards protecting our private assets. However, the emergence of quantum computing is introducing new challenges to how we keep information safe and demands a reevaluation of how cybersecurity professionals are approaching the quantum future.

Threats to Cybersecurity and Current Encryption Methods

Leveraging the principles of quantum mechanics, quantum computers possess the potential to solve computational problems exponentially faster than traditional computers. This capability poses a direct threat to many of our current encryption methods. The implications are far-reaching as vast amounts of secured personal, financial, governmental, and industrial data could become vulnerable to decryption in a matter of moments.

A recent study by Forrester suggested that all current cryptosystems could be hacked by quantum computers in as few as the next five years. And the financial and operational costs of successful attacks are expected to rise.

Concern within the technology community is growing, with 95% of software developers expressing worry regarding the security implications of quantum computing and cybersecurity experts warning about potential exploits. British accounting firm EY reported that malicious actors may already be engaged in a "harvest now, decrypt later" strategy—gathering encrypted data to be exploited later as quantum decryption capabilities become more sophisticated.

“The last decade has witnessed not just advancements in quantum hardware but also significant progress in quantum algorithms aimed at breaching cryptographic protocols. Additionally, considering the time value of data—the idea that security protocols must protect information throughout its entire lifecycle—emphasizes the urgency of transitioning to quantum-safe solutions.”

—Aaron Perryman, EY Asia-Pacific Financial Services Consulting and Digital Leader, Charles Lim, JPMorgan Chase, Global Head of Quantum Communications and Cryptography, and Kaushik Chakraborty, JPMorgan Chase, Applied Research Lead in Quantum Communications

Many organizations have been slow to adapt due to the complexity of the technology and the requirement for overwhelming infrastructure changes. Companies will also need people on IT and security teams who are well-educated in the intersecting fields of quantum computing and cybersecurity to strengthen key management practices, enhance network segmentation, and improve intrusion detection systems. As quantum computing may eventually enable more advanced attack vectors beyond decryption, such as faster brute-force or machine-learning exploits, companies must prepare now with both technology and trained personnel.

A Quantum-Resistant Approach

One promising and innovative approach to quantum cyber threats involves decentralized security networks. Unlike traditional centralized security systems that rely on only one central point of control, decentralized security networks distribute security responsibilities and data across a network of independent nodes or participants. This distributed architecture enhances resilience by eliminating single points of failure, increases transparency through distributed validation processes, and supports the development of novel security mechanisms that are inherently more resistant to quantum attacks.

The concept of Decentralized Physical Infrastructure Networks (DePIN) exemplifies this approach by leveraging blockchain technology and cryptographic principles to create secure and resilient physical infrastructure networks. The belief in DePIN's potential to address quantum threats is significant, with 87% of respondents in a Naoris Protocol survey expressing confidence in its pivotal role over the next decade.

Innovation at the Intersection of Quantum and Cybersecurity

While the quantum computing revolution presents a clear threat to cybersecurity, it also unlocks unprecedented opportunities within computer science and related disciplines. Quantum computers can accelerate breakthroughs in drug discovery through advanced molecular simulations, financial analysis and asset management, and the development of more sophisticated artificial intelligence and machine learning algorithms. Quantum computing itself can also contribute to the next generation of cybersecurity tools, including quantum key distribution and quantum-resistant cryptography.

Cybersecurity can help protect against the growing challenges posed by the integration of quantum computing primarily through developing and implementing post-quantum cryptography (PQC). These new algorithms are designed to be secure by not relying on mathematical problems that quantum computers can easily solve (like factoring large primes), but instead using problems believed to be hard even for quantum machines, such as lattice-based or code-based cryptography.

Another layer of protection comes from hybrid cryptographic systems, which combine classical and post-quantum algorithms to ensure compatibility with existing systems while preparing for future threats. This transitional approach allows organizations to test and implement PQC gradually, which can alleviate concerns about the immediacy of the finances and manpower needed to perform an infrastructure overhaul.

Cybersecurity policies must also evolve to include quantum risk assessments, supply chain audits, and international collaboration to align defenses with emerging standards. By taking proactive, multi-layered approaches, cybersecurity can stay resilient in the face of quantum-powered threats and reduce the burden of adoption over time.

Quantum Computing at Capitol Tech

Addressing the nature of quantum computing to serve as both a threat and a solution requires a dedicated force of skilled professionals. The demand for experts proficient in quantum computing principles, post-quantum cryptography, and decentralized security architectures is rapidly increasing. Continuous education, collaborating across industries, and supporting the development of post-quantum standards are going to be essential to ensure a secure digital future.

Capitol Technology University offers programs in Cybersecurity and Computer Science that prepare graduates to meet this demand, fostering the expertise necessary to mitigate the risks posed by quantum-powered cyberattacks and leveraging the transformative power of technology for innovation and security.

Explore what a degree from Capitol Tech can do for you! To learn more, contact our Admissions team or request more information.

Written by Jordan Ford

Edited by Erica Decker

Categories: Cybersecurity

How Cybersecurity is Addressing the Rising Threat of Online Romance Scams

zqureshi — Thu, 15 May 2025 17:54:00 +0000

How Cybersecurity is Addressing the Rising Threat of Online Romance Scams zqureshi May 15, 2025

Searching for friendships and relationships online has continued to grow in popularity, with an all-time high of 381 million people using dating apps in 2024. The convenience of dating apps, social media messaging, gaming platform chat, and other digital tools makes it easy to form connections with people both locally and globally. While these platforms provide a user-friendly forum for socializing, they also pose a risk as scammers can hide in plain sight and exploit users’ good intentions.

Romance and Friendship Scams in Cyberspace

According to the Federal Trade Commission (FTC), more than 65,000 victims lost a staggering $1.18 billion to romance scams in 2023. These scams commonly start through matching on dating apps or unexpected private direct messages (DMs) on social media. Once contact is established, scammers can craft intricate lies, using stolen photos or data and believable details to make their fake profiles incredibly convincing. Many fraudsters pose as celebrities, military personnel, or successful businesspersons to reel in their targets.

The psychology behind the success of a relationship scam lies in a victim’s emotional vulnerability. Scammers create a sense of urgency, trust, and emotional dependency, often by showering victims with excessive affection and attention early on. This manipulation—known as “love bombing”—lowers defenses, making victims feel more trusting and likely to comply with requests.

Scammers then exploit victims’ affection for financial gain. Payment methods like cryptocurrency and bank wires are particularly popular, accounting for over 60% of reported losses in these scams. Additionally, gift cards are frequently requested, as they’re harder to trace and easier to liquidate, as well as asking for help with emergency financial situations.

"Unlike traditional scams, [these scammers] rarely ask for money outright; instead, they manipulate victims into offering financial help through fabricated medical emergencies, legal crises, or investment opportunities."—Jonathan Frost, Director, Global Advisory at BioCatch

The Growing Role of Deepfakes and AI

The emergence of new technologies has made relationship scams more sophisticated and harder to detect. Scammers can now use AI and deepfake technology to create realistic images, videos, text messages, email communications, and voice recordings, making their fake identities appear more authentic. Victims may believe they are speaking to a real person, only to discover later that the entire interaction was digitally created.

The accessibility of these technologies has made it easy for even amateur scammers to create successful high-level deceptions. This scalability also means that fraudsters can target multiple victims simultaneously, increasing the reach and impact of their schemes.

Identifying and Avoiding Romance Scams

To combat relationship scams, the Commodity Futures Trading Commission recently launched the “Dating or Defrauding?” campaign. The campaign focuses on educating the public about recognizing red flags and taking proactive measures to avoid falling victim to online romance scams. The FBI also released a warning to highlight the rising prevalence and dangers of these scams.

Often with cybersecurity concerns, human factors play a critical role, where the weak point is the untrained eye of an unsuspecting victim. Here are a few ways users can spot relationship scammers and protect themselves.

Verify before you trust. Never rush into sharing personal information or giving away money—especially cryptocurrency—online, even with someone who seems trustworthy. If a stranger asks you for money, consider it a scam and stop communicating with them. If you think it is someone you know, like a relative or co-worker, call that person on the phone to verify it is them. Often, personal accounts can be hacked, and scammers will pose as that person, sending DMs to all their contacts for financial help.
Be cautious of over-affection. Scammers often use intense displays of affection to build quick trust. Proceed with caution if someone’s attention feels overwhelming or too good to be true.
Look for inconsistencies. Fake profiles often have inconsistencies in their stories or images. Reverse image searches can help identify stolen photos.
Report fake accounts. Most social media and dating platforms provide ways to report accounts, or to share the scammer’s information within a group or forum to warn others, or even reported to law enforcement.
Secure your accounts. Use strong passwords that you update regularly and avoid sharing sensitive information through online platforms. Learning and exercising personal cybersecurity tactics and using common sense can be your first line of defense to avoiding relationship scams.

How the Cyber Industry is Fighting Online Romance Scams

The cybersecurity industry utilizes several tactics to detect and prevent the rising threat of online relationship scams. AI and machine-learning models can be used to monitor platforms for suspicious behaviors such as repeated messaging patterns, rapid relationship escalation, and inconsistencies in user profiles. Image-recognition tools can help identify AI-generated, stolen, or reused photos, while natural language processing (NLP) systems are trained to pick up on common scammer dialogue or psychological manipulation tactics. These tools can flag potential spam accounts for human moderators to investigate, or even shut them down automatically, depending on the platform’s protocols.

The popular dating app Bumble recently announced their new AI-powered tool called the Deception Detector™, which was developed to better address fake, spam, or scam profiles. During testing, this software supported blocking 95% of these types of accounts automatically with improved accuracy. Another dating app, Hinge, states they “use a combination of machine-learning-driven technology and content moderators to maintain the safety and integrity of the Hinge experience.” Facebook has been using AI, machine learning, and hand-coded tools for several years to help remove fake accounts. In 2019, they reported more than 6 billion fake accounts were removed, and that number continues to grow.

In addition to technical solutions, the fields of cyberpsychology and cyber product management are playing an increasingly important role in understanding how scammers manipulate emotions and exploit systems. Certain branches of cyberpsychology as well as product management involve experts who collaborate with cybersecurity teams to identify and map the tactics commonly used by scammers—like “love bombing,” mirroring, and urgent crisis scenarios—and help in the product design of systems that can detect these behavioral red flags. This interdisciplinary approach demonstrates the industry’s work toward building increasingly resilient and trustworthy online platforms, where people can connect without falling prey to digital deception.

Cybersecurity Education at Capitol Tech

The growing threat of online relationship scams underscores the urgent need for education and skills development in cybersecurity.

Capitol Technology University is proudly designated as a National Center of Academic Excellence in Cyber Defense by the NSA and DHS. Our Cybersecurity programs prepare you for real-world cyberattacks and help you develop innovative defense strategies in our evolving, cyber-focused world.

To learn more, contact our Admissions team or request more information.

Categories: Cybersecurity

Cybersecurity in the Age of IoT: Protecting Our Interconnected World

emdecker — Wed, 07 May 2025 13:38:43 +0000

Cybersecurity in the Age of IoT: Protecting Our Interconnected World emdecker May 7, 2025

The Internet of Things (IoT) provides internet connectivity for an incredible variety of devices, from cell phones, computers, smart homes, and classrooms to industrial machines, autonomous vehicles, and more. By connecting and sharing data over the internet, IoT offers more than just convenience—it provides information at lightning speed, vastly expanding knowledge-sharing, process automation, remote monitoring, and real-time data analysis. But this quick access and efficiency comes with risks. With more than 24 billion IoT devices active today, hackers can use this technology against users to launch devastating cyberattacks.

The Inherent Cybersecurity Risks of IoT

Some types of IoT devices are less likely to have strong security features, making them easy targets for cybercriminals. Hackers can take advantage of weaknesses like easy-to-crack passwords, outdated software, or no built-in security protections to steal data, spy on users, or cause disruptions.

The rise of botnets, where a single hacker or group can take control of thousands—or even millions—of devices, is just one way that malicious actors are launching large-scale cyberattacks. One of the most infamous of these is the Mirai botnet, which exploits weak default passwords to install malware in IP routers, cameras, and DVRs, remotely controlling them to act as “bots” for further attacks. In 2016, compromised devices were used to launch a massive Distributed Denial-of-Service (DDoS) attack, which overwhelmed websites and online services and caused widespread internet outages affecting platforms like Netflix and Reddit. In late 2024, Cloudflare reported mitigating a record-breaking DDoS attack that targeted an East Asia-based telecommunications firm, with the attack peaking at a record 5.6 terabits per second and lasting 80 seconds. In early 2025, a large-scale DDoS attack caused intermittent outages to the social network X.

IoT devices in smart homes, fitness trackers, and industrial sensors also collect vast amounts of personal and business data. Without strong security, this information can be stolen or misused. IoT devices embedded in power grids, hospitals, and transportation also open these crucial systems to real-world harm, including critical infrastructure outages or medical equipment failures.

Strategies to Strengthen IoT Security

To reduce these risks, individuals and businesses must take proactive steps. Changing default passwords and using multi-factor authentication (MFA) can strengthen security and prevent unauthorized access. Keeping firmware and software updated is essential for fixing security holes and preventing exploits. Keeping IoT devices on a separate network from critical systems can also limit exposure in case of an attack, and encrypting communication between IoT devices can help prevent unauthorized access to sensitive data.

Cybersecurity experts play a key role in developing and using new tools to combat these challenges. Artificial intelligence can help identify unusual activity in real time, allowing faster responses to cyber threats. The Zero Trust Architecture approach requires every device to be verified before accessing a network, reducing the chances of unauthorized access. Blockchain technology can create secure, tamper-proof records of device activity, making it harder for hackers to manipulate data. As IoT expands, the need for cybersecurity professionals grows, with ethical hackers, security analysts, and IoT risk managers playing a crucial role in protecting these networks.

Education in IoT Security

IoT is here to stay, and its security challenges will only increase as the network of connected devices expands. Cyber professionals must stay up to date with technological advancements, and how they work for, and against, sensitive IoT systems.

Capitol Technology University’s award-winning programs in cyber and Information security can prepare you to create this safer and more secure digital world. With resources such as our Cyber Lab and Critical Infrastructure Center (CIC), as well as our expert faculty and partnerships with leading cyber agencies, Capitol Tech empowers graduates to succeed in this diverse and expanding field.

To discover our academic programs, contact our Admissions team or request more information.

Edited by Erica Decker

Categories: Cybersecurity

Cyber Attacks on Grocery Stores Threaten Food Security and Supply Chains

zqureshi — Fri, 07 Mar 2025 21:08:34 +0000

Cyber Attacks on Grocery Stores Threaten Food Security and Supply Chains zqureshi March 7, 2025

We’ve all seen news reports with pictures of empty grocery store shelves and closed checkout lanes. While the cause of these problems has often come from some combination of factors like panic-buying, natural disasters, understaffing, or physical supply chain problems, there are new concerns about the vulnerability of digital systems that increasingly manage everything from inventory to logistics to transportation and more. In the near future, those empty shelves may be caused by something more sinister—cyberattacks.

From Farm to Table: A History of Digital Transformation in the Food Industry

Historically, food safety and security in the United States has focused on the improvement of physical labor conditions, manufacturing plant sanitation, and product quality control. Over the last century, federal agencies like the USDA and FDA have set rigorous standards for food preparation, production, processing, and distribution to prevent contamination and reduce foodborne illnesses and related deaths. In today’s more technology-driven world, “food tech has become its own sector with the rise of big data, AI and the internet of things (IoT).” While this shift has brought innovations such as food product tracking, inventory management efficiency, and streamlined logistics, it has also created new vulnerabilities via cyber hacking.

According to a 2023 report by the Food and Agriculture-Information Sharing and Analysis Center (Food Ag-ISAC), the food and agriculture industry faced 167 ransomware attacks that year. This was the seventh highest out of eleven other sectors featured in the study, trailing critical manufacturing and financial services. The interconnectedness of the food industry’s infrastructure also creates vulnerability, as cyberattacks could quickly spread between systems and even affiliated companies. The food industry is estimated to be worth more than $1 trillion in the U.S., and with over 333 million people relying on the dependability of this market, the stakes are high.

Grocery Stores: The Next Cyber Frontier

A cyberattack on your local grocery store can create financial losses, threaten food security, and destabilize food supply chains. A successful attack could lead to those empty shelves at the store because companies cannot process deliveries. It could affect your wallet, too, because limited supply could eventually increase food prices. And the integrity of the food supply can be compromised if refrigeration systems are affected, causing food to spoil.

The often-limited cybersecurity resources and reliance of grocery stores on complex IT systems, especially among smaller regional chains, make them a prime target for cybercriminals to unleash attacks in a variety of ways.

Ransomware attacks using malicious software can prevent stores from processing payments, managing inventory, or even opening their electronic doors until they pay their attackers to release these systems. Data breaches can compromise sensitive customer information, eroding trust and increasing legal exposure. Attackers can also target third-party vendors to interrupt the flow of goods to stores. Point-of-sale skimming attacks, where compromised card readers steal payment data, can put customers at financial risk.

In 2023, Dole, a well-known fruit and vegetable distribution company, was forced to pause North American production and shipments, leading to a nationwide lettuce supply shortage. In 2021, JBS, a multi-national food company, was attacked by hackers, resulting in a ransom payout of $11 million.

“Food security is national security, so it’s critical that American agriculture is protected from cyber threats. No longer just some tech issue, cyberattacks have the potential to upend folks’ daily lives and threaten our food supply.” —Rep. Elissa Slotkin, D-Mich.

For consumers, limited access to food can have devastating effects, particularly in vulnerable communities already facing food insecurity. The possible panic-buying and price-gouging that might result could make it harder for families to put food on their tables. Consumers may also resist shopping at stores they perceive as vulnerable, which could result in loss of business and even bankruptcy for the company.

Building a More Secure Food Supply Chain

Protecting our food supply chain from cyberattacks requires proactive and coordinated strategies. At the federal agency level, it remains to be seen what impact the major 2025 federal staffing and funding cuts will have on the ability to introduce or maintain food safety and cybersecurity programs in the U.S.

To combat cyberattack threats, grocery stores must strengthen their cybersecurity infrastructure, including firewalls, intrusion detection systems, and data encryption. Regular vulnerability assessments and penetration testing can help identify weaknesses in systems before attackers can exploit them. Developing incident response plans is also crucial for minimizing the impacts of a successful attack. Outdated legacy systems should be reviewed and reworked as well, with modern technology and advanced cyber threats in mind.

"The legacy systems that many companies rely on today are not built to withstand the complexity and scale of modern cyber threats. Unknown and unresolved issues within the underlying legacy software will continue to expose the companies to catastrophic failure or cyber attacks." —Cory Brandolini, co-founder of Railtown

Collaboration and information-sharing within the food industry can help stores and suppliers stay ahead of evolving cyber threats. And as knowledgeable employees are typically the first line of cyber defense, comprehensive IT training and awareness programs to educate all staff—and consumers—about phishing scams, social engineering tactics, and other common attacks is a critical aspect of any cybersecurity plan. Protecting these digital systems and mitigating these threats is not only good for business, it is necessary for our communities to survive as we further integrate technology into this industry.

Exploring a Career in Cybersecurity

Addressing the complex challenges of cybersecurity in supply chain management requires well-educated professionals equipped with the specialized knowledge and skills necessary to defend against a multitude of threats. Capitol Technology University's critical infrastructure programs are uniquely designed to meet this demand. Our curriculum delves into the specific vulnerabilities of critical systems, providing students with hands-on experience in areas like network security, penetration testing, and incident response. With resources such as our Cyber Lab and Critical Infrastructure Center (CIC), as well as our expert faculty and partnerships with leading cyber agencies, Capitol Tech empowers graduates to succeed in this diverse and expanding field.

To learn more, contact our Admissions Department or request more information.

Categories: Cybersecurity

White House Cyber Initiative Aims to Fill 500,000 Open Cybersecurity Jobs

zqureshi — Fri, 22 Nov 2024 20:36:23 +0000

White House Cyber Initiative Aims to Fill 500,000 Open Cybersecurity Jobs zqureshi November 22, 2024

In an increasingly interconnected world, cybersecurity has become an international concern. From protecting sensitive data to safeguarding critical infrastructure, skilled cybersecurity professionals are in high demand. However, the shortage of qualified experts poses a significant challenge. Recognizing this urgency, the U.S. White House’s Office of the National Cyber Director recently launched the "Service for America” program, which aims to fill approximately 500,000 open cybersecurity positions in the United States by connecting Americans with jobs in cybersecurity, technology, and artificial intelligence (AI).

The White House Cyber Initiative Addresses Critical Shortage of Cybersecurity Professionals

The "Service for America" program is a collaborative effort between the federal Office of Management and Budget (OMB), and the Office of Personnel Management (OPM). The primary goal is to address the critical shortage of cybersecurity professionals in the American job market. By establishing clear pathways for individuals seeking cybersecurity careers, National Cyber Director Harry Coker Jr. explains, the initiative can bring awareness to unknown positions, as “many Americans do not realize that a cyber career is available to them.” Whether through formal education, apprenticeships, or reskilling programs, the initiative aims to guide aspiring professionals toward relevant opportunities.

Recognizing that diversity enhances problem-solving and innovation, the initiative actively encourages participation from underrepresented groups. In doing so, it seeks to create a more inclusive and robust cybersecurity workforce.

Specific actions taken in promotion of this initiative include the development of the National Initiative for Cybersecurity Careers and Studies (NICCS) Cyber Career Pathways Tool that “presents a new and interactive way to explore work roles within the Workforce Framework for Cybersecurity (NICE Framework).” USAJobs applicants are also encouraged to include the term “ServiceForAmerica” tag in their resume to make it more searchable for federal hiring managers. There are also several recommended portals and events that cyber career applicants are recommended to explore.

Additionally, the program is collaborating with universities, community colleges, and technical schools like Pennsylvania Cybersecurity Center (PCC) and University of Wisconsin-Whitewater (UW-Whitewater) to develop specialized cybersecurity curricula. By aligning education with industry needs, it ensures that graduates are well-prepared for real-world challenges. And because existing professionals need continuous training to keep pace with evolving threats, the program is investing in upskilling and professional development programs to enhance the capabilities of the current workforce.

Some institutions have been forging pathways to cybersecurity education for several decades. Since 1927, Capitol Technology University was established on the foundation of this need for accessible education in industry relevant skills, and offers Cybersecurity programs for professional career development. Designated by the National Security Agency (NSA) and Department of Defense (DoD) as a National Center of Academic Excellence in Cyber Defense (NCAE-CD), Capitol Tech is a recognized leader in cyber education.

Examining Other Cyber Workforce Initiatives

Other cyber initiatives, such as "Service for America," build upon previous efforts by the government to bolster cybersecurity education and recruitment. The National Initiative for Cybersecurity Education(NICE) was launched in 2014 by the National Institute of Standards and Technology (NIST) to focus on cybersecurity education, training, and workforce development. It provides a framework for defining skills, competencies, and career pathways.

The Scholarships for Service program, administered by the National Science Foundation (NSF), offers scholarships to undergraduate and graduate students pursuing cybersecurity degrees. In return, recipients commit to working in federal agencies for a set number of years upon graduation. Similarly, the CyberCorps Scholarship for Service program provides scholarships to students studying cybersecurity. Graduates then serve in government agencies or critical infrastructure sectors, helping protect national interests.

The Critical Need for Cybersecurity Professionals

Malicious actors can use advancing technology like AI and cyrptography to better exploit vulnerabilities in software, networks, and critical infrastructure. The need for skilled professionals who can defend against these threats is more critical than ever. Cybersecurity experts play a crucial role in ensuring system integrity, while also protecting against and mitigating the fallout from an increasing number of data breaches and cyberattacks.

The "Service for America" initiative represents a significant step toward closing the cybersecurity job gap. By educating, diversifying, and upskilling the workforce, government and private organizations can better defend against cyber threats and secure our digital future.

To learn more about Cybersecurity programs at Capitol Technology University, contact our Admissions team or request more information.

Categories: Cybersecurity

Are Passwords Becoming a Thing of the Past?

emdecker — Mon, 09 Sep 2024 14:58:48 +0000

Are Passwords Becoming a Thing of the Past? emdecker September 9, 2024

In recent years, a conversation around the future and usefulness of passwords has grown among tech giants and cybersecurity professionals. The possibility of a password-less future, while not entirely new, has gained significant interest with the advancement of artificial intelligence, biometrics, and other technologies. While a complete shift away from passwords has yet to materialize, it may be closer than ever before.

The Password Landscape

Passwords have long been the cornerstone of digital security, but their effectiveness has been increasingly questioned. The rise in data breaches, phishing attacks, and the general inconvenience of managing multiple complex passwords have led to calls for a more secure and user-friendly solution. Several tech companies are at the forefront of the password-less movement, each implementing innovative methods to enhance security and improve user experience.

Microsoft, for instance, has introduced password-less sign-ins for many of its services, using methods like Windows Hello, which leverages facial recognition, and FIDO2 security keys, which allow users to authenticate with biometrics or a security key. Google has been promoting the use of two-factor authentication and has integrated biometric authentication into its services as well, recently announcing that passkeys would replace passwords as the default sign-in method. Apple’s Face ID and Touch ID are prime examples of biometric authentication that aim to replace traditional passwords. These companies are not only enhancing security but also improving user experience by reducing the reliance on passwords and creating an easier and more convenient authentication process.

Password-less Pros and Cons

According to Verizon, more than 80% of data breaches result from weak or compromised passwords, so the push for password-less authentication brings several advantages. Enhanced security is a significant benefit, as password-less methods such as biometrics and hardware tokens are generally harder to steal or replicate due to their nature. Eliminating the need to remember multiple passwords simplifies the user experience, and biometric authentication, for example, is quick, easy, and always within the user’s control. Additionally, with less credentials to steal, phishing attacks could become less prevalent.

However, a password-less future would also present new challenges. Implementation costs can be a significant barrier for organizations, as transitioning to password-less systems would likely require new hardware and software for capturing or storing biometric or passkey data. Many alternatives are only available on select websites and apps, meaning users may need to manage both passwords and alternative authentication methods until the technology becomes more widely used. Because biometric data cannot be changed, it can pose significant privacy risks if compromised. And not all users may have access to the necessary technology, such as smartphones with biometric capabilities and physical security keys, nor is everyone comfortable with having their biometric information captured for privacy reasons.

The Impact of AI on Cybersecurity and Passwords

AI is playing a crucial role in the development and implementation of password-less authentication methods. Behavioral biometrics, for instance, use AI to analyze patterns in user behavior, such as typing speed and mouse movements, to authenticate users without the need for passwords. AI-powered voice recognition systems are also being developed to authenticate users based on their unique vocal patterns. Additionally, AI algorithms can detect unusual activities and potential security threats in real-time, providing an additional layer of security.

The intersection of AI and cybersecurity is fostering new trends that support the move towards password-less authentication through "adaptive authentication." AI systems can adapt authentication methods based on the context, such as the user’s location or the device being used, which can enhance security without compromising convenience. Continuous authentication is another trend where AI continuously monitors and authenticates users throughout their session, thus reducing the risk of unauthorized access. The zero-trust security approach, which assumes that threats could be both external and internal, leverages AI to continuously verify users and devices, making password-less authentication more robust. Conversely, AI technology is also making it easier for passwords to be cracked through tactics like “smart-guessing algorithms.”

While passwords have been a staple of digital security for decades, the push towards password-less authentication is gaining momentum. Tech companies are leading the charge, leveraging AI and other technologies to create more secure, robust, and user-friendly authentication methods. However, the transition comes with its own set of challenges, including implementation costs and privacy concerns. As AI and cybersecurity continue to evolve, the dream of a password-less future may soon become a reality.

Cybersecurity Programs at Capitol Tech

Capitol Technology University offers a variety of Cybersecurity and Computer Science programs that can prepare you to create a password-less future and analyze the risks and cyberthreats of today’s digital landscape. To learn more, contact our Admissions team or request more information.

Categories: Cybersecurity, Artificial Intelligence

Top Cyber Scams to Watch Out For in 2024

emdecker — Mon, 22 Jul 2024 15:17:46 +0000

Top Cyber Scams to Watch Out For in 2024 emdecker July 22, 2024

Digital-based scams are nothing new, but recent technological developments – especially in artificial intelligence – are helping scammers grow more sophisticated in their attacks and leaving users more vulnerable. In 2023, the FBI reported nearly 900,000 cases of suspected internet crime totaling nearly $12.5 billion in damages and losses. The lucrative nature of these attacks and the challenge users face in battling these evolving schemes means these numbers are likely to increase in the future unless we take proactive measures to protect ourselves. Here, we look at some of the newest and most innovative scams to watch out for in 2024 and beyond.

Crypto Scams

Investment scams promise huge financial gains on cryptocurrency investments for the holder if they transfer their cryptocurrency to the fake financial manager. Scammers may also pray on individuals’ vulnerabilities by posing as celebrities or potential love interests, or socially engineer scams through social media. Once the crypto is transferred, the criminal sells or offloads the coin, leaving the original holder empty-handed.

Cryptocurrency phishing scams involve deceptive tactics that trick individuals into revealing sensitive information, such as private keys or personal details related to their digital wallets. Scammers often initiate these attacks through email, social media, and text messages. By sending emails that mimic legitimate crypto exchange communications or creating lookalike replicas of authentic crypto trading platforms, scammers may get users to unknowingly enter their private keys onto these sites.

Scammers are also targeting crypto holders through fake software upgrades and stealing two-step verification codes often required to access digital wallets. Others set up fake crypto exchanges and wallets, enticing users with lower prices and frequent investment requests.

Robocall Scams

Long the bane of nearly all recipients, robocalls are nothing new. However, as these calls become powered by artificial intelligence, they are becoming increasingly convincing and manipulative. AI can be used to clone voices and spoof numbers, making scam calls look like legitimate outreach from banks, government agencies, and other organizations. “When combined with well-thought-out social engineering campaigns, GenAI can cause unprecedented financial damage in mass-scale phishing or fraud campaigns,” states Dr. Ilia Kolochenko, an adjunct professor at Capitol Technology University and global cybersecurity expert, in his recent interview with Fox News.

AI is even being used to spoof voices of family members and other loved ones to fake kidnappings and demand ransom. These scams are so prevalent and dangerous that using AI-generated voices in robocalls is now illegal in the United States.

Exploitive Emails

The number of exploitive spam and scam emails that people receive daily is daunting. Some hackers have found a new exploitation by using a workaround within OneDrive and the app, OneNote. They send what looks to be a legitimate link to your email, which opens a OneNote file. There may be a “button” to press, such as “View PDF Here,” which is actually an overlay banner hiding several run scripts and .exe (execute) files underneath. When you click the “button”, you initiate a malware download onto your device. They can also manipulate the OneNote file to ask you to enter your OneDrive credentials. If you receive an unexpected OneDrive or OneNote file from a trusted sender, such as in the workplace, it is best to call the sender to be sure it’s safe before opening.

AI-Powered Scams

Despite many of these tech-based scams being around for decades, artificial intelligence is helping to make them easier to set up and harder to detect. AI is being used to write more believable text for phishing emails and create fake social media profiles that can trick users into sharing personal information. Fake apps and websites may claim to use GPT technology but are a vehicle for scammers to trick users into entering sensitive information. And AI-powered scams are deceiving people in two of their most vulnerable settings – in the workplace and in their love lives – by creating convincing but fake job postings and online dating profiles. Backed by AI, these scams can more efficiently and effectively trick users and leave them vulnerable to financial and emotional exploitation.

Other Cyber Threats

While these scams may be the most novel or prevalent, there are plenty of other cyberthreats threatening our financial security. Instead of being erased chemically, physical checks can be altered digitally and reprinted to show a new payee and then deposited through a mobile banking app. Scammers can also capture your simple responses during a phone call to create a deepfake of your voice to navigate automated phone menus and conversations for their benefit. These deepfakes can be applied to the common “grandparent scam,” where someone pretends to be a grandchild in legal trouble who calls their grandparent asking for money. In a similar tactic, scammers may pretend to be a family member who is having trouble on a trip – a lost wallet, a run in with police, a medical emergency – and then reach out to a person’s phone contacts or Facebook friends asking for money. Fraudulent claims that you’ve won a digital sweepstakes can leave you vulnerable to identify theft as well, as scammers may ask for personally identifiable information like a social security number to distribute your prize. When they have that information, they can open credit cards in your name and access other financial resources.

Quick Tips for Protecting Against Scams

When protecting yourself against cybercriminals, you must be vigilant and wary of incoming threats. From emails to physical mail to phone calls to social media messages – each of these avenues has potential for scams. Below are just a few of the many tips that can help prevent falling victim to such crimes:

DO NOT CLICK any links within an email, text, or social media message that you do not trust. If you do trust the sender and they send you a link unexpectedly, call them to verify first. Even trusted sources can get hacked, and even just clicking a link or opening a PDF, etc. can install malware onto your computer.

If it sounds too good to be true, it is. Do not trust offers of money, free items, or suspiciously good deals, especially if it requires an exchange of sensitive information, money up front, or bargaining outside of a protected site.

Hover your mouse over a hyperlink (do not click it) to check what the actual link directs to – if it is different from the hyperlink text, avoid it.

Be wary of solicitors that call you first, or out of the blue. For example, if your bank calls you asking for information, politely hang up and call the number on their official website and check if they just called you. More likely than not, the original call was not from them.

Look out for spoof numbers that pretend to be from a legitimate source. Malicious actors can mask their numbers to read as actual government agencies like the FBI.

Agencies like the IRS, MVA (DMV), and United States Postal Service have specific methods of contacting you and what information they collect. For example, the IRS will never call or email you, they only send physical mail, and the USPS will not text you about a package hold. Be wary of suspicious communications from people who claim they are from these agencies.

Shred documents and mail that display your information before throwing them away.

Be on the alert for Facebook marketplace or Craigslist scams, like fake paper bills, fake Zelle and PayPal emails or texts, and other scams.

Do not log into an account from an email or text received. Type the site into your browser or log in from the app.

Set up online banking alerts for any transaction run on your credit card or accounts. Most banks will send a text alert for any charge, or changes made to your account, but you often need to set these parameters yourself.

Consider setting up secure online payments for bills instead of sending physical checks in the mail, as this practice has become increasingly risky.

Install and routinely run anti-virus on your devices from trusted vendors and have your Windows, Android, or Apple software set to update regularly. Security patches are important for protecting your computer and cell phone.

Do your research – watching the news, joining your neighborhood’s Nextdoor app group, and searching information online from legitimate sites can help you stay in-the-know as to what to watch out for when it comes to both local and global scams.

Cybersecurity Education with Capitol Tech

Capitol Technology University is a leader in cybersecurity education, recognized by the National Security Agency (NSA) and Department of Defense (DoD) as a National Center of Academic Excellence in Cyber Defense (NCAE-CD). We are committed to cyber education that emphasizes the ethical and technical proficiencies needed to excel in the field. Our Cyber & Information Security programs teach students how to identify and protect against cyber scams that threaten organizations, helping them become experts across many industries and trades. For more information, contact our Admissions team or request more information.

Categories: Cybersecurity, Artificial Intelligence

The Importance of Higher Education in Cybersecurity Studies

emdecker — Thu, 06 Jun 2024 13:06:05 +0000

The Importance of Higher Education in Cybersecurity Studies emdecker June 6, 2024

The global demand for cybersecurity professionals is significant. Despite recent growth in the field, there’s still a shortage of roughly 4 million cybersecurity experts. And many cybersecurity jobs are resilient to economic downturns, making them a secure choice for your career.

Whether you're a student or a professional, gaining formal education and expertise in cybersecurity is paramount. University programs can provide a comprehensive understanding of technical expertise combined with practical experience and interpersonal skills. A cybersecurity degree can open doors to diverse, adjacent career paths and networking opportunities. Staying on top of emerging trends through continuous learning and certifications is crucial. Universities must adapt by offering relevant curricula, industry collaborations, and alignment with certifications. By doing so, they play a crucial role in preparing the next generation of cybersecurity professionals to safeguard our digital landscape.

Earning a Cybersecurity Degree

Pursuing a degree in cybersecurity is a valuable step for those aspiring to join the field. Cybersecurity programs offer a well-rounded education, covering key areas such as network security, programming, cryptography, incident response, risk management, and risk assessment. This foundational knowledge, encompassing computer science, networking, information systems, and security principles, equips students with a robust understanding of cybersecurity fundamentals, including the nature of cyber threats and strategies to counter them.

These programs can also provide practical experience with security tools and technologies through labs and projects, ensuring students are job ready. Importantly, they can foster the development of critical thinking, problem-solving, and communication skills, which are vital in a field where technical information often needs to be conveyed to non-technical stakeholders.

The combination of theoretical knowledge and hands-on technical skills is highly sought after by employers. Obtaining a degree not only demonstrates a commitment to the cybersecurity field and a solid grasp of its core concepts, but it also enhances one’s credibility as a subject matter expert – often ensuring a higher salary to reflect this.

A cybersecurity degree can pave the way for a broad spectrum of career paths and advancement opportunities within the field. It allows for specialization in areas such as cyber defense, ethical hacking, and cyber policy, and creates opportunities in diverse industries, including finance, insurance, healthcare management, and consulting. Additionally, a foundation in cybersecurity can inform adjacent fields like cyberpsychology, critical infrastructure, law enforcement, and more.

Furthermore, university programs often enable networking opportunities with industry professionals, professors, and fellow students. These connections can offer valuable insights, advice, and job opportunities, as well as foster collaboration on projects and research that can enrich the learning experience.

Continuing Education and Professional Development

The field of cybersecurity is in a constant state of flux, with new threats, technologies, and regulations regularly emerging. A formal education equips you with the necessary tools and mindset to adapt to these changes and stay at the forefront of your career, as it is crucial to stay informed about current trends and tactics.

In addition to a degree program, earning industry-relevant and job-specific certifications may be necessary and can enhance your resume, particularly with professional experience earned. Certifications such as the Certified Information Systems Security Professional (CISSP), Cybersecurity and Infrastructure Security Agency (CISA), and Certified Ethical Hacker (CEH) are well-regarded in the cybersecurity field and can strengthen your marketability and career prospects.

Technological advancements, such as the rapid expansion of Internet of Things (IoT) devices and the rise of AI, along with unforeseen challenges like the COVID-19 pandemic, can introduce new vulnerabilities and opportunities for the exploitation of sensitive systems and information. Self-learning is key to staying informed and adaptable in the ever-changing cyber landscape. This can be achieved through online resources, courses, and active participation in online communities and conferences.

A blend of formal education, certifications, and a commitment to lifelong learning can lay a strong foundation for a successful cybersecurity career, enabling you to safeguard your organization’s assets effectively – effectively making you a highly sought after candidate in a competitive job landscape.

Building Strong Cybersecurity Programs in Higher Education

To stay relevant in cybersecurity education, universities need to adapt their programs to keep pace. Designing a strong curriculum that covers both fundamental concepts and in-demand skills like ethical hacking and cloud security is critical. Updating courses regularly and recruiting faculty with industry experience can ensure students learn from those who have been in the field.

Educational programs that teach both cybersecurity theory and practical experience through labs, simulations, and real-world projects are better suited to prepare their graduates for success. Similarly, universities can facilitate industry collaborations by partnering with cybersecurity companies, government agencies, and non-profits. This opens doors for guest lectures, internships, and joint research projects, giving students valuable industry exposure. Because cyber education should continue after graduation, universities should integrate content aligned with industry certifications that prepare students for credentialing exams.

Universities should seek designations such as National Centers of Academic Excellence in Cybersecurity from the National Security Agency to showcase program quality and attract talented students. Finally, universities should promote diversity in the field by encouraging underrepresented groups to pursue cybersecurity careers. Coupled with efforts to teach students about ethical hacking, privacy, and legal considerations, these initiatives can ensure students graduate as responsible cybersecurity professionals.

Cybersecurity Programs at Capitol Tech

Cybersecurity is a constantly changing field, where earning an accredited degree can position you for long-term success. Capitol Technology University’s degree programs in Cyber and Information Security prepare you through an award-winning curriculum, hands-on skills, and networking opportunities with the world’s top experts, government agencies, and corporate partners – all invested in your progress towards mastering cybersecurity.

Capitol Tech is a leading STEM institution with a strong history of cybersecurity higher education. We provide many offerings to our students to boost their cyber-focused learning. A degree with Capitol Tech is highly regarded within the industry and can help distinguish you in an ever-changing and competitive field.

To learn more, contact our Admissions team, attend an online info session, or request more info today!

Categories: Cybersecurity, STEM

The Urgent Need for Women in Cybersecurity

edragisic — Thu, 02 Mar 2023 19:54:37 +0000

The Urgent Need for Women in Cybersecurity edragisic March 2, 2023

In recent years, the field of cybersecurity has become increasingly important as businesses and governmental industries rely more on technology to store and protect sensitive data. Despite the critical role that cybersecurity professionals play in protecting these assets and the extraordinary need for a full workforce, the industry has traditionally been dominated by men. However, there is a growing recognition that we need more women in the field of cybersecurity to address the shortage of skilled professionals and to bring diversity of thought and skill to the industry.

The Demand for Women in Cybersecurity

First and foremost, the cybersecurity industry is facing a shortage of skilled professionals. According to a report by (ISC)², the world's largest nonprofit association of cybersecurity professionals, the global shortage of cybersecurity professionals reached 4.07 million in 2019, up from 2.93 million in 2018. This shortage is a significant concern, as it means that businesses and government agencies are struggling to find the expertise they need to protect their assets from cyber threats. Increasing the number of women in the field can help to address this shortage, as women represent a largely untapped source of talent in cybersecurity.

Women are also uniquely positioned to address the cybersecurity skills gap in developing countries. In many other countries besides the US, there is a shortage of skilled cyber leaders. Female cybersecurity professionals can help to address this gap by taking positions overseas, while also promoting gender equality and empowerment in these countries. Through the right education and training, women can help close the tech skills gap in developing nations.

The Value of Increased Diversity in Cybersecurity

Women also bring diversity of thought and unique perspectives to the cybersecurity industry. Research has shown that diverse teams are more innovative, productive, and creative, as they bring different viewpoints, experiences, and skills to the table. This is particularly important in cybersecurity, where attackers are constantly evolving their tactics and techniques. By having a diverse team of cybersecurity professionals, organizations are better equipped to identify and respond to emerging threats.

Finally, increasing the number of women in cybersecurity can help to promote a more inclusive and diverse industry. Women currently make up only a small percentage of the cybersecurity workforce, and they face many challenges including unconscious bias, discrimination, and lack of representation. By employing more women in cyber, we can help to create a more inclusive and welcoming environment for all cybersecurity professionals, regardless of gender, race, ethnicity, or background.

Capitol Technology University recently opened the Center for Women in Cyber for this very purpose––to promote the inclusion of women in this critical industry and to give the future female industry leaders a voice. Through training programs, webinars, workshops, and other events, the Center for Women in Cyber encourages women to step up and become role models within the cybersecurity industry and take charge of a field largely dominated by men.

Written by Erica Decker

Categories: Cybersecurity, Women in STEM

Social Engineering Threatens Windows 11 Upgrade

emdecker — Thu, 24 Feb 2022 17:16:33 +0000

Social Engineering Threatens Windows 11 Upgrade emdecker February 24, 2022

Windows 11, the latest version of the Microsoft Windows operating system (OS), was released in October 2021 with a broad upgrade deployment hitting in late January. Between media related to the OS release and many systems pushing out recommended checks for upgrading, users were encouraged to check out the new version. For hackers, it was the perfect time to employ social engineering tricks to lure users into installing malware via a fake installer.

Hewlett-Packard (HP) was the first to identify the malicious software. On January 27, the day after Windows posted their announcement of the OS’s final upgrade phase, hackers registered the domain “windows-upgraded.com” to an organization located in Moscow, Russia. This housed a fake installer containing malware, HP’s Threat Research Blog reports. HP refers to this as a “topical lure” – since this was a hot topic at the time, that can be easily used to take advantage of users’ expectations and interest. Creating domain names that are similar to existing and trusted domains is a popular form of social engineering. Many users don’t look that closely at the URL they are visiting – especially if that link is found and clicked on via a search engine.

“The attackers copied the design of the legitimate Windows 11 website, except clicking on the ‘Download Now’ button downloads a suspicious zip archive called Windows11InstallationAssistant.zip,” reports Patrick Schläpfer for HP. “The file was hosted on Discord’s content delivery network.”

The malware used to create the malicious software is RedLine Stealer, an inexpensive and widely available malware that gathers information from users’ browsers, including saved credentials, autocomplete data, and credit card information. HP did not share any details on how many people may have been impacted by the malware.

HP quickly discovered that the compressed installer download was only 1.5 MB, but once decompressed, expanded to 753 MB in size, showing a far larger compression rate than typically seen with executable files. HP says this is because the .exe contained a large quantity of highly compressible padding.

“One reason why the attackers might have inserted such a filler area, making the file very large, is that files of this size might not be scanned by an anti-virus and other scanning controls, thereby increasing the chances the file can execute unhindered and install the malware,” states Schläpfer.

HP shares that a similar attack was conducted back in December 2021, which utilized RedLine Stealer to disguise malware within a Discord installer. In that instance, the hackers bought “discrodappp.com” and implanted malware into the app’s install software.

“In both campaigns, the threat actor used fake websites mimicking popular software to trick users into installing their malware, registered the domains using the same domain registrar, used the same DNS servers, and delivered the same family of malware,” says Schläpfer.

Both instances highlight the importance of ensuring cybersecurity professionals are aware of the latest updates to frequently used systems and software. It is also vital that cybersecurity departments ensure that the employees within their organizations are educated on knowing what resources to trust when it comes to installing or upgrading software – both personally and professionally.

Want to learn more about cybersecurity? View the full list of bachelor’s, master’s, and doctorate degrees in cyber and information security. Many courses are available both on-campus and online. To learn more about Capitol Tech’s degree programs, contact admissions@captechu.edu.

Categories: Cybersecurity