Month: July 2024

Foundations of Cybersecurity: New Certificate From MTU.

Michigan Tech is offering both a in-person and online certificate in the Foundations of Cybersecurity. In nine credits, students will learn how to identify and describe the foundational principles of securing both a computer system and a computer network. They’ll also study the fundamentals of secure software development and apply them effectively.

This credential addresses cyber crime, a costly and dangerous global problem.

Brief Case Study: The WannaCry Ransomware Attack

Flash backward to seven years ago.

In 2017, the WannaCry ransomware worm spread rapidly across computers running the Microsoft Windows operating system.

This worm first encrypted files and then demanded ransomware payments–first 300$ and then 600$ in bitcoins. Unfortunately, even those who paid the ransom, such as a friend of this writer, still lost their files.

Screenshot of the 2017 WannaCry Ransomware attack.
The WannaCry Attack. Image Credit: (https://cdn.securelist.com/files/2017/05/wannacry_05.png/)

How did this attack happen? The worm wriggled its way in through a vulnerability in Windows’ Server Message Block (SMBv1) protocol (EternalBlue), used for file and printer sharing on Windows networks. Then, it installed DoublePulsar as the “backdoor” on compromised computers.

The U.S. National Security Agency (NSA) had previously disclosed the Eternal Blue weakness. Then, a hacking group called the Shadow Brokers leaked it onto the web and cyber criminals took lurking in the shadows took notice. Within a few days, WannaCry affected at least 200,000 computers and 300,000 devices in more than 150 countries. The attack caused widespread disruption, particularly in critical sectors such as healthcare, telecommunications, and manufacturing. One of the most notable victims was the UK’s National Health Service (NHS), which canceled both appointments and operations, turning patients away.

Microsoft quickly released security patches for versions of Windows with the Eternal Blue vulnerability. However, it had actually sent security patches two months earlier, which hadn’t taken effect because many organizations hadn’t taken the time to update their systems. Oops!

Training in the Foundations of Cybersecurity is Needed Now More Than Ever.

This attack, then, not only underscored the importance of updating systems regularly to install timely security patches, but also the need to quickly implement protocols of backup and recovery. Even more so, WannaCry revealed the demand for more well-trained, cybersecurity professionals from government agencies, private sector companies, and other organizations who could collaborate on and react quickly to global cyber crime incidents.

Along with ransomware, cybersecurity professionals must be ready to battle Advanced Persistent Threats (APTs), Phishing and Social Engineering, Zero-day attacks, high-profile data breaches, DDoS attacks, and many other types of cyber crime. The changing nature of cyber threats also requires organizations to continually improve their defenses and adapt to new attack vectors.

And digital transformation, vehicle electrification, robotic workplaces, and Industry 4.0 pose new challenges as well. That is, as organizations move to cloud environments and the IoT (Internet of Things) continues to proliferate, cybersecurity professionals must safeguard infrastructures and predict possible vulnerabilities.

More troubling news: In the last decade or so, cyber attacks have grown in sophistication, frequency, and size. In fact, according to US News, “Data breaches and ID theft are still hitting records.” Recently, on July 4, while this blog was being drafted, Cybernews reported that a file containing 9,948,575,739 plain text passwords was posted on a hacker site by the user Obamacare. This file, known as the RockYou24 leak, was a compilation of passwords that were collected from 4000 databases over the last two decades. (Previously, the RockYou21 leak contained 8.5 billion of these same passwords.)

With these passwords, Cybernews explains that “threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset.”

Here are Some Other Startling Statistics About Cyber Crime:

The Cybersecurity Talent Gap is Expanding.

But perhaps one of the biggest challenge that cybersecurity professionals face is that there are not enough of them. That is, many organizations are struggling to fill critical positions. The global cybersecurity employment gap, which reached 4 million workers in 2023 (ISC2 2023), is expected to expand to 85 million by 2030.

The United States is one of those countries facing a shortage of cybersecurity professionals.

Interactive heatmap from cyberseek that provides information on cybersecurity jobs in the US.
This interactive heatmap by cyberseek provides both an overall and granular look into US cybersecurity jobs.

Between September 2022 and August 2023, 572,000 US jobs opened up in the cybersecurity industry. This number is up 74% from 2010.

And in the US, there were 1.18 million cybersecurity professionals employed between September 2022 and August 2023, which is also an an increase of 59% since 2010.

To help address this talent shortage, Michigan Tech is offering both online and in-person certificates in the Foundations of Cybersecurity, which start in Fall 2024. Students can complete this certificate or use the credits to dive deeper into cybersecurity and progress towards a master’s degree. They can choose from either Michigan Tech’s MS in Cybersecurity or the MS in Computer Science.

To be eligible for the program, applicants must have earned an undergraduate degree in computer science, computer engineering, or software engineering. The online application is free and requires no GMAT or GRE.

This certificate adds to the roster of MTU’s already respected cybersecurity research program, recognized nationally for its academic and research excellence. In fact, the US National Security Agency designated MTU as a National Center of Academic Excellence in Cyber Research (CAE-R). This CAE-R designation, establishing that Michigan Tech has met the rigorous requirements set forth by the NSA, extends through the 2029 academic year.

The Future Looks Bright for Those with Skills in the Foundations of Cybersecurity.

When it comes to cybersecurity professionals, there are several possible career paths.

Take the career of Information Security Analyst, for instance. A person in this role will have several responsibilities. They must use and maintain software, such as firewalls and data encryption programs, to protect sensitive information. In addition, they must check for vulnerabilities in computer and network systems; research the latest information technology (IT) security trends; and prepare reports that document general metrics, attempted attacks, and security breaches.

Being vigilant and proactive are also essential traits of this cybersecurity professional as they strive to develop security standards and best practices for their organization and timely recommend security enhancements. And they are also heavily involved with creating their organization’s disaster recovery plan, which IT employees must follow in case of emergency.

Because of the importance of these tasks, the US Bureau of Labor Statistics predicts a need for several tens of thousands of these analysts, with a career growth of 32% (much faster than average.) And these jobs way well, too: the 2023 median salary of an information security analyst was $120,360.

Other Top-Paying Cybersecurity Jobs

  • Cybersecurity Analyst: $114,306
  • Cybersecurity Manager: $150,943 per year
  • Penetration and Vulnerability Tester: $124,424
  • Cybersecurity Architect: $147,142 per year
  • Cybersecurity Engineer: $131,768
  • Incident and Intrusion Analyst: $103,639
  • Cybersecurity Consultant: $124,275
  • Cyber Crime Analyst: $103,198
The US government employs several professionals trained in the foundations of cybersecurity.
The US government, which employs 11,000 cybersecurity professionals, advertised for 6000 jobs in 2023.

Educate Yourself to Meet the Growing Need for Cybersecurity Professionals.

The estimated loss of that 2017 WannaCry incident was about four billion dollars. That bill was just a drop in the bucket.

According to Cybersecurity Ventures, cyber crime is expected to grow by 15% a year in the next three years. What this prediction means is that cyber crime will cost the world $10.5 trillion annually by 2025. This figure includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, and other costs.

Professionals with training in the foundations of cybersecurity can not only save organizations a lot of money, then, but even save lives.

Yes lives. When a 2020 ransomware attack on Dusseldorf University Hospital (Germany) caused its IT systems to fail (30 servers!), the hospital could not admit emergency patients. As a result, staff directed a critically ill woman who needed immediate care to another hospital about 20 miles away. This delay in treatment, which contributed to the patient’s death, is often cited as the first death resulting from a cyber attack.

It is obvious that the costs of cybercrime , which are immense, multifaceted, and global, impact economies, organizations, and individuals. Because of these costs, cybersecurity professionals are needed across every sector and industry. But there is a particularly urgent need for them in financial services, health care, government, national security, manufacturing, and retail.

And the growing sophistication of cyber threats and the increasing reliance on digital technologies suggest that these costs will continue to rise, highlighting the crucial demands for both robust cybersecurity measures and the highly skilled and trained professionals to enact them.

Get Started on Your Foundations of Cybersecurity Certificate at MTU.

Three Ways Statistics Impact Elections

Statistics are involved in several stages of the election process.

125: that is the number of days until US Election Day, 2024. On November 5, the 47th president of the United States will be decided. So while campaigns are in full swing, and pollsters are making predictions, this blog focuses on the role of statistics in the election process.

At their most basic, elections allow citizens to exercise representative democracy by selecting individuals to occupy public office. Those selected then make critical decisions that impact citizens. And these ballots that officials tally are then transformed into statistical data, ultimately determining the election’s result.

However, statistics play a part in the election process long before voters cast their ballots. That is, officials use statistics to forecast election results, inform campaign strategy, and micro-target individuals.

An understanding of how statistics are used in elections, then, can enhance transparency for voters, as well as encourage all citizens to advocate for data privacy and security. Additionally, those interested in mathematics, statistical applications, and political science might be interested in learning about how statistics impact elections.

Statistics in Politics

Throughout history, statistics have played an important role in politics. Government bodies used statistics in the election process to support the formal decision-making processes that determine who will fill offices in the legislature. However, technological advancements, the accumulation of data, and the maturation of statistical models have made elections increasingly complex.

For example, in the past, politicians and their supporters would cast a wider net when campaigning for votes. But today, data analytics and digital resources allow parties to collect information about the public and then hyper-personalize campaign targeting. As a result, modern elections require statistical experts who can manage and leverage data while maintaining ethical standards related to trust, security, and privacy.

Below are the most obvious three ways that statistics impact elections.

Election Forecasts

Those creating election forecasts use legally available data and statistics to inform the public about the probable outcome of an upcoming election. Political statisticians recruit this data, along with reporting, historical patterns, and academic research to create a detailed account of the Senate and House forecasts.

In the United States, this process includes disclosing the favored party, estimating the number of seats in each House, and predicting whether the outcome will result in a majority government. In short, statisticians use a forecasting model to transform large data sets into meaningful predictions for future outcomes

How to Build an Election Forecast Model

  • Create a national database.
  • Clean and layer the data.
  • Plug the data points into a predictive model for forecasting.

Forecasting in Action

FiveThirtyEight is a website that uses statistics to predict election results.
The homepage of FiveThirtyEight on June 26, 2024

The popular website FiveThirtyEight, created by American statistician Nate Silver, is a staple of ABC News. The website’s primary objectives are advancing public knowledge and promoting transparency around voting outcomes.

To achieve these aims, it uses polling, economic, and demographic data to explore likely election outcomes. It also employs statisticians to build empirical statistical models for accurate election forecasts.

After the data is collected, experts then input it into Nate Silver’s forecast model. This model, which combines polling, economic, and demographic data, aims to provide an informed prediction rather than an unskilled guess.

And the website regularly updates its predictions too. For instance, on June 26, 2024, the site, after running 100 simulations, predicted that President Joe Biden and Donald Trump each had a 50% chance of winning the election. However, on July 2, 538 changed the prediction to 50% for Trump and 49% for Biden. And as the election nears, and uncertainty decreases, 538 claims its predictions will grow more accurate. This site exemplifies just one popular election forecast tool.

Election Campaign Strategy

The use of statistics in election campaigning has also changed dramatically. That is, historically, the only data that politicians and their supporters used to garner insights was that derived from the polls. In recent years, however, data and statistics have revolutionized election campaigns.

Today’s data-driven world offers campaign strategists a surplus of data points about past elections, voter preferences, and geopolitical influences. In addition, new communication platforms, such as social media, allow campaigns to profile their voters’ identities and needs. Statisticians can also harness publicly available data to inform campaign messaging, political priorities, and outreach.

Campaign research allows parties to investigate target audiences’ behaviors, attitudes, values, and beliefs to test campaign messaging, creativity, and delivery. According to The Commons Social Change Library, statisticians use the following quantitative and qualitative research methods to inform campaign strategy.

Quantitative Campaign Strategy Research

  • Benchmark Polls
  • Issue Polls
  • Longitudinal Surveys
  • Member Surveys
  • CATI (computer-assisted telephone interview) polls
  • Dial-testing

Qualitative Campaign Strategy Research

  • Deep dive interviews
  • Face-to-face focus groups
  • Online focus groups
  • Online communities

Once the previous research is complete, campaigners then test various messages. Alternatively, they might test the gap between their voters’ current stances and the desirable action. This job is a laborious one. Campaigners must strive for creating winning messages that make impactful arguments, define important issues, expose the opposition’s weak points, and tell compelling narratives.

Statisticians with a marketing background may excel in this area of research and persuasion. Why? They already have the foundational skills needed to create data-driven campaign strategies, from initial research to distribution.

Microtargeting in Elections

Before advanced data and statistics, campaigns often involved grass-roots approaches. These included direct mail, home visits, radio, television, and out-of-home marketing campaigns (ex., billboards, posters, etc.). Today, campaigns can leverage social media, digital marketing, and advanced data analytics to reach voters on their devices and tailor personalized messaging. This latter strategy is otherwise known as microtargeting.

Social media apps collect information and statistics on users in order to create targeted, personalized messaging.
Social media apps collect information on users to create personalized messages.

In microtargeting, the audience is segmented into specific groups, with each group receiving a message that speaks to their likes and needs. This profiling, though, is not new.

Consumers are already accustomed to online stores such as Amazon, as well as social media (TikTok, Facebook) understanding their preferences.

For instance, you purchase one book and Amazon recommends a similar one. You buy running shoes (a lot) and you’re now in a fitness/running channel.

Similarly, political parties and election campaigns use microtargeting to communicate with voters about their initiatives. The goal is influencing voting outcomes in their favor.

How Microtargeting Works

Micro-targeting uses statistics in a similar manner to that of election forecasting. First, statisticians collect and clean data points from a national database. Then, they layer on publicly available information, including email addresses, phone numbers, employment, education, purchasing patterns, IP addresses, etc.

Next, statisticians use predictive models to indicate for whom a voter is likely to vote and how likely a voter is to change their voting preference. These models also predict how lifestyle choices, such as being single or married, might affect voting behaviors. Statisticians also investigate how voters’ values align with topical issues like gun control, the climate crisis, abortion, immigration, and so on.

After the analysis comes the categorization. Each group is sorted into different channels. Each audience (channel) then receives personalized campaign messaging based on their beliefs and inclinations. The purpose is delivering the right campaign message, to the right voter, at the right time. (At its roots, microtargeting is a very deliberate form of kairos. In rhetoric, kairos is the identification of the critical moment to deliver a finely tuned persuasive message or to take an action.)

The Risks of Microtargeting

Advanced microtargeting, of course, has its downsides. Take the most famous example, which began in 2014. Cambridge Analytica, a political consulting firm, obtained the private Facebook data of tens of millions of users. It then unethically sold psychological profiles of American voters to political campaigns.

How did this microtargeting scam work? 270,000 Facebook users played with the supposedly innocuous personality profile app called “This Is Your Digital Life.” This app, created by scientist and psychologist Alexsandr Kogan, allegedly collected 5,000 data points from each participant.

What’s worse: participants didn’t read between the lines. When users gave this third-party app permission to acquire their data, they also gave the app access to their friends’ networks. The more friends = the more data exposed.

Kogan then sold this data to Cambridge Analytica. As a result, the company illegally compiled the data of about 87 million users who had not explicitly given Cambridge Analytica permission. The firm then used up to 50 million profiles for their predictive modeling. At the very least, the app developer breached Facebook’s terms of service by giving the data to Cambridge Analytica. After investigations began, the incident started a heated, nationwide conversation about the ethical principles of data, political targeting, and power. And about Facebook, data security, and cybersecurity.

Study Applied Statistics at Michigan Tech.

Election campaigning and increased microtargeting are very much still with us. Therefore, firms that generate value from personal data must consider the ways they acquire it, share it, protect it, and profit from it. Statisticians who work for these firms must also stay in line with ongoing legislative efforts that respect users’ privacy and security.

Curious about how statistics make a difference in elections? Are you fascinated by the data-driven side of political science? Do you want to ensure statistics are collected ethically? Alternatively, maybe you’re interested in developing the skills for collecting data and using applied statistics in business, government, finance, insurance companies, and more.

If you answered yes to these questions, Michigan Technological University’s Online MS in Applied Statistics offers students foundational knowledge in statistical science and methods while utilizing the latest industry-standard statistical and data analysis software. After graduation, you can set yourself apart in the competitive workforce with not only specialized skills, but also the accountability to act with integrity, honesty, and diligence.

And statistics jobs pay well, too. The U.S. Bureau of Labor Statistics (BLS) reported that, as of 2023, the median annual wage for a statistician was $104,860. Furthermore, the projected average growth rate through 2032 for jobs in these fields is 30%. That’s four times higher than the projection for all occupations in the same timeframe.

Upskill for the future with Michigan Tech’s Online MS in Applied Statistics.