About seven years ago, Clark College’s technology lab was hacked. Today, that’s where students in the college’s new cybersecurity bachelor’s degree program are learning how to fend off similar attacks.
Cyberattacks have become so commonplace that people have grown numb to the threat, even though these crimes are projected to cost $9.22 trillion this year, according to Statista’s Market Insights. Businesses now view dealing with cyberattacks as a normal cost of operating.
“It’s become … a commercial criminal enterprise,” said Dwight Hughes, director of Clark College’s cybersecurity program.
Rebound Orthopedics & Neurosurgery is the most recent local business to have fallen prey to a cyberattack, but Clark County government and Burgerville also have been struck in the past few years. And those are just the attacks that became public knowledge.
Washington law requires organizations that own or license personal information to notify Washington residents within 45 days of attacks that compromise unsecured personal information. But organizations that suffer attacks that don’t involve consumers’ information do not need to notify anyone. Health care companies follow specific federal laws that require patients to be notified of breaches targeting protected health information.
Eric Landon, director of operations and technology at Vancouver’s Riverview Bank, said businesses are affected beyond the initial attack.
“It’s the impact of the reputation because you’re all of a sudden on the evening news or in the newspaper,” Landon said.
A hit to a business’s reputation could influence its sales or even deplete its existing customer base.
Then there are the associated expenses — like identifying the issue, remedying it, notifying customers and determining how to improve cybersecurity going forward.
“All those things are a huge cost,” Landon said.
Clark College’s attackers didn’t end up with any student information when they hacked the technology lab because there wasn’t any there.
“But the hacker didn’t know that when they broke in there,” Hughes said.
Countering the threat
The booming cybercrime industry has led to increased demand among businesses for cybersecurity professionals. The state’s Employment Security Department projects annual growth of 5.3 percent in the field. Clark College developed its cybersecurity bachelor’s degree program to train people locally.
Mohammed “Giga” Alqeeq, Clark College’s lead cybersecurity instructor, said the program helps students learn from real-world scenarios.
The program launched in 2020 with a small cohort of students. It’s close to full capacity with nearly 100 students who are training to be professionals who will go into the workforce to defend companies against malware, phishing, ransomware and other cybercrimes that threaten companies and their data. The program is expected to grow to 150 people in the fall.
Landon said businesses should have strong security in place and do everything possible to make themselves less of a target. He said one option is to store more data offline.
“To some level, you’re going to have a breach and therefore need to be prepared to recover from that effectively without bringing your company to its knees,” Landon said.
Although companies work to protect their data, if it’s breached, they often pay ransoms to retrieve what was lost. The ransom may even be covered by insurance. But consumers’ information is still regularly compromised.
Iva Rody, chief programs officer at the National Center for Victims of Crime, said the impact that cyberattacks have on victims is sometimes missed.
“Information that’s stolen is often private,” Rody said. “A wide range of emotional impact comes along with financial fraud that not a lot of people realize.”
Victims may deal with anger, grief, loss, embarrassment, fear or simply frustration.
Stolen information is often distributed as well, Rody said. Identity theft can follow.
“It impacts their ability to be made whole,” she said.
Employees at a company that has been compromised may also deal with their own fears about opening email attachments or clicking on links.
“They don’t want to … feel like they were the one that caused the major problem,” Rody said.
Tips to prevent cyberattacks
Cyberattacks are common these days. But consumers can take steps to protect themselves, said Wendy Smith, chief risk officer at Columbia Credit Union. Here’s her advice:
- Do not click a link via text or email to “verify” your account or to confirm a transaction.
- Do not include personal information in a survey.
- Do not give your username, password or one-time passcode to anyone.
- Use unique passwords across all accounts.
- If you think a hacker has accessed your personal information such as your Social Security number, credit card numbers or bank account info, go to identitytheft.gov to report it and get a recovery plan.
AI spikes cybercrime
Experts expect the rapid development of artificial intelligence to further drive cybercrimes, making cybersecurity programs like Clark’s increasingly important to fight the ever-evolving threats.
Clark’s students aren’t there memorizing facts, but rather learning how to apply and synthesize knowledge, Hughes said.
“They have to be lifelong learners,” said Hughes, pointing to the rapid advancement of technology.
Hackers are always looking for weaknesses in new technologies.
“It’s always changing,” Alqeeq said. “It’s just a matter of time.”