Research News

Data breach.

Data breach ‘tip of the iceberg,’ UB expert says

By RACHEL STERN

Published June 11, 2015 This content is archived.

Print
Arun Vishwanath.
“We cannot fix this with technology alone; it is people who are letting these guys in. ”
Arun Vishwanath, associate professor
Department of Communication

What appears to be one of the largest breaches of federal employees’ data involving at least 4 million government workers was no surprise to UB faculty member Arun Vishwanath,

Not only was it no surprise, but Vishwanath, an associate professor of communication who studies online security and cyberbehavior, expects larger hacks to keep happening. And even worse, he says, there is no way to stop them right now.  

“This breach isn’t even the tip of the iceberg,” he says. “If you just count the number of people whose data has been compromised within the last year, it is over 350 million people. That is a staggering number. It’s a sobering realization and they are virtually impossible to prevent.”

These massive hacks almost always start with a simple email where malware is hidden behind hyperlinks and attachments. The moment one opens that link or attachment, the hackers are in, Vishwanath says.

That method is the reason why there is virtually no fix — it is largely a people problem, not a technology-based problem, he says.

“We cannot fix this with technology alone; it is people who are letting these guys in,” he says. “Everyone is looking for that silver bullet tech fix because then it would be easy to solve, but that doesn’t exist. There’s a minefield of people problems and that’s what makes this so difficult to solve.”

For starters, people must be better trained at spotting suspicious emails and then there must be systems in place for how to report those emails and what to do with them, Vishwanath says.  

But as long as more and more information is stored online, hacks will continue to get larger and larger, he says, and not only in terms of numbers, but in terms of who is targeted.

“Next could be a cyber-physical system, like the electricity grid,” Vishwanath says. “With all the information that is stored online and the ease with which it is to get that information, I could see people shutting down the electrical grid. We know this is very close to happening and that could create a lot of damage.”