Data Defender
Maintaining cyber security in an age of technological advancement
STORY BY ROBERT KRAUSE II | PHOTO BY JAKE PARRISH
(above) Sean Lyons, security engineer for the 3D Corporation, is photographed on Friday, May 1, 2015. A white-hat hacker, Lyons helps businesses and individuals protect their digital security from cyber attacks.
Taking a seat in front of his computer, Sean Lyons, 33, pushes distracting worry and anxiety from his mind; he needs to be 100 percent focused. His clients’ wellbeing depends on his success. If he fails to protect them from cyber-attacks, there could be consequences.
Although it sounds like science fiction, Lyons is a security engineer for the 3D Corporation and spends his time fighting cyber criminals.
The world of cyber security is fraught with danger; an estimated 83,176,279 records were leaked in at least 761 total security breaches in the United States in 2014, according to an Identity Theft Resource Center study.
THE REAL WORLD OF HACKING
Bob Finch, 62, Western’s assistant administrator and systems analyst, believes today’s world is set up to breed a generation of hackers.
“You see kids play video games, and they’ll try something the game designer didn’t expect them to do,” he says.
In the realm of video games, this type of behavior is largely benign, but if someone can do the unexpected in the real world, they can find bugs — flaws in security found in almost any webpage or computer network — and exploit them for information or profit. This is when they cross the line into malicious hacking.
Lyons, who has been exploring the world of cyber security since he was 13, is known as a white hat hacker and performs security assessments for clients to see how easy it is to get into a system.
A white hat hacker uses hacking in an ethical way to protect businesses and individuals from cyber-attacks. There are three types of tests, he says: black box, white box and grey box.
In black box tests, the tester takes on the role of a true hacker, trying to find flaws with no knowledge of the system.
In white box tests, the tester is given permissions within the system, such as those of an average administrator’s account, to see how much they can manipulate the system.
Grey box tests are somewhere in-between.
Each test is designed to find flaws within the system so the sponsoring company may fix them and better protect themselves.
Lyons began his journey into cyber security out of curiosity, seeing it as another puzzle for him to solve.
“I used to be a lot more cavalier when I was younger,” he says. “I’ve matured my own philosophical ideas of ethics, which led me to wear a white hat and protect those in need.”
Lyons remembers when a client fell victim to a CryptoWall ransomware infection.
Ransomware is a type of automated hacking program that goes through and encrypts files on a company’s system, making them inaccessible.
Next, the hackers will demand a certain price be paid, usually in the digital currency bitcoin, in order for the original user to regain control of their files.
The client Lyons worked for was lucky they caught the attack early, and was able to recover 99.9 percent of the data, with only slight document changes made.
If the client was unable to stop the attack, they could have lost a lot more than just a couple files, Lyons says.
“Some companies have had to close their doors,” he says. “[They] can’t recover from [an attack].”
Nearly 60 percent of small businesses with fewer than 250 employees close their doors within six months of a cyber-attack, according to a 2013 press release by the House Small Business Subcommittee on Health and Technology.
REAL-LIFE CONSEQUENCES
In 2014, Western employees were exposed to a phishing scam email asking them to confirm bank account information, putting more than 1,400 employees at risk of their personal information getting stolen.
For an individual, a cyber-attack can have long-lasting emotional effects, Finch says.
“For a lot of people this is a traumatic experience,” he says. “This is a huge invasion of privacy…it’s almost like someone broke into their house and took all of their stuff.”
Lyons and his family know the risks of cyber invasion all too well.
A recent Premera Blue Cross health insurance security breach has put the Lyons’ all at risk of identity theft.
The Premera attackers gained access to clinical information, bank accounts, Social Security numbers and birth dates, along with other vital information, according to the website.
Lyons was notified by Premera that his information could be at risk and was offered an identity-monitoring service.
He took the offer to prevent his compromised personal information from being used maliciously.
Lyons still fears for his family members and others who may not have been able to take the offer, he says.
His affected family members are all younger, which makes their information more at-risk and valuable to malicious hackers, he says.
“[They’re] more likely to be exploited because they don’t have a history,” he says. “Depending on what the attacker does with that information, it could follow [them] for years, if not the rest of their life.”
Lyons believes the direction the world is moving towards full connectivity and integration may provide him with more challenges, not less.
He believes new technology that can be used in everyday life, such as a refrigerator that can connect to the internet, can quickly turn into more than 10 million new entry points for malicious hackers to gain access to people’s personal information.
“Quite frankly, things are going to get worse before they get better in the world of cyber security,” he says.