Data breaches grow more expensive and cyber attacks become more sophisticated with each passing year, leaving businesses scrambling to defend themselves and their clients
By A.J. Kaufman
The average cost of a data breach in the United States amounted to nearly $10 million in 2022, up from just over $9 million U.S. dollars during the previous year and nearly double the price only a decade ago.
These expenses run the gamut and include the cost of discovering and responding to the breach, downtime and lost revenue, and the long-term reputational damage to a business and its brand. Cybercriminals target customers’ personally identifiable information — names, addresses, Social Security numbers and credit card information — and then sell these records in underground digital marketplaces.
The intricacies of security systems, often created by a lack of in-house expertise, can augment these costs. But organizations with a comprehensive cybersecurity strategy can better fight cyberthreats and reduce the impact of breaches if and when they occur. Thankfully, colleges in our region are at the forefront of tackling these challenges by preparing students to meet contemporary business demands and help organizations secure their valuable resources.
This includes ETSU. The university understands the surge in demand for cybersecurity expertise and recognizes that traditional classroom learning alone cannot sufficiently prepare individuals for this complex field.
“ETSU’s cybersecurity program has a significant role and commitment to providing an education that is not only comprehensive but also constantly updated,” Assistant Prof. Biju Bajracharya explained to the Business Journal. “This program is important in producing highly skilled professionals ready to tackle real-world scenarios and challenges posed by the ever-evolving cybersecurity landscape. In doing so, it can efficiently address the urgent demand for cybersecurity workforce development, fortifying our digital defenses and contributing to a safer and more trustworthy digital landscape.”
Earlier this year, the ETSU Cybersecurity Club placed third in the Southeastern Collegiate Cyber Defense Competition at Kennesaw State University in Atlanta. The gathering is one of the most popular cybersecurity competitions in the nation. Perhaps most importantly, three of the eight team members received on-the-spot job interviews and job offers for federal positions, such as cyber defense analyst.
Bajracharya has led the club since its 2022 founding and says its overarching mission is to “ignite an unwavering passion and empower students to immerse themselves in the ever-evolving realm of cybersecurity and aim to equip members for real-world scenarios and challenges that they may encounter in their future careers.”
The members convene weekly for discussions and preparation, all of which are geared toward ensuring students are prepared to confront threats presented by the continuously changing cybersecurity landscape.
“Recognizing the substantial surge in demand for cybersecurity expertise, we understand that traditional classroom learning alone cannot sufficiently prepare individuals for this complex and dynamic field,” Bajracharya, who joined the ETSU faculty two years ago, said. “Much like athletes who tirelessly hone their skills before facing their opponents on the field, cybersecurity professionals also require continuous practice and preparation.”
Among the rolling hills of Southwest Virginia, UVA Wise is involved in the arena, too. Daniel Orr, an adjunct instructor, has coordinated the cybersecurity program since its 2019 origin and teaches most of the school’s cybersecurity classes. He says the goal is to “provide graduates with a strong foundation in computer security and the technical background and instincts to tackle the new unseen challenges that are around the corner.”
Orr claims one important aspect of cybersecurity and information security courses at UVA Wise is learning through implementation, instead of memorization. The program also provides a baseline knowledge across topics, such as cryptography, software security, network security, malware and security controls.
“Attacks on technology assets are already common, and we can expect that trend to continue. Attacks are also growing in sophistication, and the modern cybersecurity workforce needs to match or exceed that level of technical sophistication to be effective,” Orr informed the Business Journal. “The primary challenge of cybersecurity defense is the goal itself. Everything has to be protected from all possible attack avenues, whereas an attacker might only need a single technique to be successful. This requires a cybersecurity workforce with a broad and deep understanding of the entire attack surface. This is difficult, given the tremendous scope of available technology.”
Currently there are 10 students at UVA Wise with a cybersecurity concentration. Five of those are management information systems majors, four are majoring in computer science, and one is focused on software engineering.
As Orr believes the adoption of technology tends to be market-driven, he and the faculty understand that no one wishes to be left behind on the newest trend.
“New technology is often implemented in production before it is fully mature, especially from a security perspective,” Orr, who has been at UVA Wise five years, said. “More security expertise is required during development to ease the burden on the implementer. Every technical role has a security aspect to it. While we tend to think of cybersecurity as its own field, a better understanding of security concerns across the workforce is needed to secure the future.”
Northeast State Community College in Blountville has long offered a program focused on cyber defense to train graduates to combat cybercriminals that plague everyday life.
Jim Holbrook is the school’s lead instructor and heads up the department of computer sciences. He says there are currently many more cybersecurity jobs than there are people to staff them, causing the United States to import workers from other countries to meet this important need.
“Having a trained, local workforce eliminates the need to import these workers or export the jobs overseas,” Holbrook told the Business Journal. “Graduates of our program help fulfill the need for these cybersecurity professionals by providing employers with a thoroughly trained workforce with applicable knowledge of current security frameworks, countermeasures, how to implement and test them, and much more.”
He explains that his role is to “refocus our efforts on cyber defense and bring it to the forefront of our learning portfolio to fulfill this national need.”
One appreciable benefit of Northeast’s program is the full focus on cybersecurity, from beginning to end, unlike schools that may offer a hybrid program, per Holbrook, who has been at Northeast for nearly four years.
“Our students have access to ever-evolving, certification-centric learning, as we use certification content and teach these courses with the intent that students will take these certification exams after completion,” he said.