Cyber Florida


UCF Research: Stress Prompts Poor Cyber Habits

When we think of insider threats, the common image is that of a disgruntled employee who takes out their anger on their employer or their manager. Research from the University of Central Florida reminds us that this is seldom the case.

While investment in cybersecurity has risen considerably in the face of a huge increase in attacks during the pandemic, often this investment has focused on technologies to try and keep data and systems safe. While such investments are worthwhile, the most vulnerable part of any system is almost certainly going to be us humans. The authors highlight that when organizations do have cybersecurity training, there is often an implicit assumption that insider threat attacks are done with malicious intent.

Determining intent

The reality, however, is that our failure to comply with the cybersecurity processes of our employer is more likely to be driven by stress. The researchers quizzed around 330 employees who were working remotely during the Covid pandemic. The workers were asked about their adherence to the cybersecurity policies of their employer alongside things such as their stress levels.

They followed this up with in-depth interviews with a group of 36 employees to try and get a better idea of just how the shift to remote working as a result of the pandemic may have affected cybersecurity. The results show that adherence to security policies was pretty intermittent. Indeed, on a typical workday, 67% of participants said that they had bypassed official cybersecurity policies at least once, with there being a 5% chance that they would do so on any given task.

It should perhaps be self-evident that breaches on this kind of scale are unlikely to be driven by widespread discontent with one’s boss or employer, and this was indeed what the researchers found. Indeed, the top response when asked why people circumvented security protocols was that doing so better helped people to get things done, either for themselves or for a colleague. This reason accounted for around 85% of all intentional breaches of the security rules. Contrary to popular perception, an intentional desire to cause harm only accounted for 3% of the security breaches. To put that into perspective, that makes non-malicious breaches around 28 times more likely than deliberately malicious breaches.

Under stress

Importantly, the relatively benign breaches were far more likely on days when employees were suffering from stress. This strongly suggests that being placed under stress reduces our willingness to abide by rules if those rules are perceived as stopping us from doing what we need to do.

The causes of stress are oft-cited and include family demands, job insecurity, conflicts with our colleagues, and even the demands of the cybersecurity rules themselves. However, there was a clear link between the pressure people faced to do their job and the belief that cybersecurity procedures inhibit their ability to do that job as effectively as they felt they needed to. Adhering to protocols often resulted in feeling like jobs take more time or effort to complete, with employees also complaining that the protocols made them feel like they were being monitored and couldn’t be trusted.

The researchers accept, of course, that their findings were a result of self-reporting from participants, so they would only be able to report on cybersecurity breaches that they were themselves aware of. This will mean that breaches as a result of a lack of knowledge or poor practice will have almost certainly been overlooked because people only know what they know. The findings do nonetheless remind us that insider threats are seldom the result of malicious and deliberate intent but rather due to a lack of training or intense pressure to get things done as quickly as possible.

Reducing the risk

So what can managers do to improve adherence to the guidelines and, therefore, the security of their systems? A good first step is to appreciate that the overwhelming majority of security violations are intentional and benign. People simply want to get their work done as efficiently as possible, so cybersecurity training should work on that basis and inform employees how they can do this while still remaining secure.

It’s also important that people feel confident enough to speak up whenever they breach security policies, as the quicker they can do this, the quicker the challenge can be addressed, and any security risks plugged.

“How do people react when the employee makes a mistake,” Kaspersky’s Chris Hurst says. “It’s crucial that if employees make a mistake that they’re confident enough to open up about it and escalate it to people who can do something about any possible risks involved.”

It would also be prudent to ensure that staff are included in the development of security protocols. This would help to ensure that protocols aren’t developed that would inhibit people’s work and result in them striving to find workarounds that reduce the effectiveness of the protocols themselves. By better understanding how protocols affect people’s workflows, security teams will have a better chance of adherence. This is especially important as people have moved to remote working and therefore taken on different ways of working.

Of course, tackling the stress and pressure that workers are under would be no bad thing either, but perhaps the key takeaway from the research is that the way we design our jobs and the way we design our cybersecurity are intrinsically linked. With cyberattacks on the rise and affecting most organizations, it’s no longer good enough to assume that insider threats are the result of a few bad apples but rather the poor way in which jobs and security protocols are designed. Once we grasp that, we can perhaps start to make positive headway.

As seen in The Cyber Post: https://thecyberpost.com/news/security/stress-prompts-employees-to-break-cybersecurity-policies/

UCF Research: Stress Prompts Poor Cyber Habits (2022-04-05T11:47:10-04:00)

Working from Home Cybersecurity Checklist

Over the past year and a half, many organizations have transitioned to remote work. While remote work has many benefits for both employees and employers, it poses specific problems for organizational cybersecurity by introducing a host of new potential points of entry for cybercriminals in the form of personal devices and home internet service. The Working from Home Cybersecurity Checklist, provided by Cyber Florida community partner Scarlett Cybersecurity, offers guidance to help ensure that your remote staff are implementing good cybersecurity practices and doing their part to protect the organization from cybercrime.

 


Working from Home Cybersecurity Checklist (2022-02-12T16:11:15-05:00)

2020-2021 Annual Report

As it was for so many around the world, 2020-2021 was a year of change at the Florida Center for Cybersecurity (Cyber Florida). In addition to navigating the pandemic, the introduction of new leadership ushered in a bolder vision for the Center with high-reaching objectives designed to position Cyber Florida on the national stage. A comprehensive review of resources, structure, and mission areas culminated in an ambitious three-year Strategic Plan with well-defined goals aligned to our three mission pillars: education, research, and outreach. We were part of three grant awards from the federal government that brought nearly $8 million in funding to the state of Florida, including funding for free workforce training for veterans and first-responders! 

Some of the key achievements from 2020-2021 include:

  • Retooling the University of South Florida’s M.S. in Cybersecurity into four new master’s degree programs to more effectively address employer needs
  • Implementing Operation K12: a highly successful initiative in partnership with the Florida Center for Instructional Technology that has infused cybersecurity hygiene and career awareness curricula into public schools throughout Florida and created numerous pathways for K-12 students to spark and encourage interest in cybersecurity careers
  • Partnering with DC-based think-tank New America to create a national Cyber Citizenship Education program to combat the rising threat of mis- and disinformation online
  • Funding rapid research projects to investigate how COVID-19 misinformation spread via social media in the early weeks of the pandemic, how the public used social media to seek health-related information, and cybercrime victimization stemming from COVID-19
  • Landing three grant projects to support the National Security Agency’s Centers of Academic Excellence in Cybersecurity (CAE-C) program by providing leadership support for the Southeast Region; designing and implementing a national workforce development program, CyberSkills2Work, as part of a 10-member consortium; and creating a national collegiate cyber competition for the CAE Community with a focus on encouraging newcomers to the field, particularly those from underrepresented groups
  • Adding staff resources to enhance our role in enabling and facilitating state-of-the-art research across the State University System of Florida (SUS) by capturing more grant opportunities, bringing more research dollars to Florida, and leading a series of research-focused events
  • Introducing a public policy aspect to our outreach mission area to effect change at the state and national level, advocating for legislative and budgetary support to improve the overall cybersecurity posture of our citizens, organizations, and nation-at-large
  • Bringing together an incredible roster of distinguished thought-leaders for a major virtual conference hosted on behalf of U.S. Central Command examining the United States’ role in cyberspace through the lens of the ‘Great Power Competition’
  • Creating a Governing Council of dean-level representatives from across the SUS to guide and support our efforts
  • Conducting several successful public outreach campaigns—one in partnership with the Florida Secretary of State to raise awareness about voting misinformation—on matters of public cyber safety

2020-2021 Annual Report (2021-10-01T23:56:19-04:00)

Evelyn Curry

Evelyn Curry is an M.B.A. candidate. Her career started in the United States Air Force, where she specialized in the logistics and security of nuclear missiles. In her civilian career, she has specialized in governing technical infrastructures and mitigating organizational risks. She joined Cyber Florida as a Senior Business Analyst in 2020 with a focus on promoting sustainability and operational excellence through Organizational Change Management. Today, she serves as the Associate Director of Cyber Operations and Analytics.

Evelyn Curry (2025-01-29T12:07:45-05:00)

Kate Whitaker

Kate Whitaker is a senior communications professional with over 25 years of experience in higher education, nonprofits, and government. Specializing in communicating complex scientific and technical ideas and information to various audiences, Ms. Whitaker is an expert in program development, project management, digital media, media relations, and internal and external communications. Throughout her career, she has spearheaded a variety of comprehensive branding, fund-raising, and event and program outreach campaigns across multiple channels to a spectrum of stakeholders. She holds a BA in English and an MBA in Management.

At Cyber Florida, she leads a team of talented professionals who promote the center’s activities and accomplishments and conduct statewide public awareness campaigns, events, and programs to encourage better cyber-self-defense among organizations and individuals.

Kate Whitaker (2025-01-24T12:40:11-05:00)

Ernie Ferraresso

As the senior director of Cyber Florida, Ernie drives the organization’s strategic vision while overseeing the center’s day-to-day operations. He started with Cyber Florida in 2017 as associate director of programs and partnerships and brings decades of technology expertise and leadership experience to his role.

Prior to Cyber Florida, Ernie worked for a small technology design and integration firm as the Director of Operations, overseeing the design and implementation of cybersecurity and emergency operations center technology solutions in the U.S. and throughout Latin America.

He is a retired U.S. Marine Intelligence Officer who served in the U.S. and abroad. His work included assignments with the U.S. Special Operations Forces, the intelligence community, the George C. Marshall European Center for Security Studies, and U.S. Cyber Command.

Ernie Ferraresso (2025-01-24T12:42:13-05:00)

General (Ret.) Frank McKenzie

General (Ret.) Kenneth F. “Frank” McKenzie, Jr. became the Executive Director of the University of South Florida’s Global and National Security Institute in May 2022. In July 2022, he also became the Executive Director of the Florida Center for Cybersecurity, also known as Cyber Florida.

He is the former Commander, United States Central Command. A native of Birmingham, Alabama, upon graduation from The Citadel in 1979, General McKenzie was commissioned into the Marine Corps and trained as an infantry officer.

He has commanded at the platoon, company, battalion, Marine Expeditionary Unit (MEU), and component levels. As a lieutenant colonel, he commanded First Battalion, Sixth Marines. As the Commanding Officer of the 22d MEU (SOC), he led the MEU on combat deployments to Afghanistan in 2004 and Iraq in 2005-06. In 2006-07 he served as the Military Secretary to the 33rd and 34th Commandants of the Marine Corps.

Upon promotion to Brigadier General in July 2007, he served on the Joint Staff as a Deputy Director of Operations within the National Military Command Center. In June 2008, he was selected by the Chairman of the Joint Chiefs of Staff to be the Director of the Chairman’s New Administration Transition Team (CNATT). In this capacity, he coordinated the efforts of the Joint Staff and the combatant commands in preparing for and executing a wartime transition of administrations.

In June 2009, he reported to the International Security Assistance Force (ISAF) in Kabul, Afghanistan, to serve as the Deputy to the Deputy Chief of Staff (DCOS) for Stability. Upon his return from Afghanistan, in July 2010, he was assigned as the Director, Strategy, Plans, and Policy (J-5) for the U.S. Central Command. In August 2012, he reported to Headquarters Marine Corps to serve as the Marine Corps Representative to the Quadrennial Defense Review. In June 2014, he was promoted to Lieutenant General and assumed command of U.S. Marine Corps Forces, Central Command.

In October 2015, he was assigned to the Joint Staff to serve as the Director, J-5, Strategic Plans and Policy, Joint Staff.

In July 2017, he was named the Director, Joint Staff. General McKenzie was promoted to the grade of General and assumed command of U.S. Central Command (CENTCOM) in March 2019. He relinquished command of CENTCOM and retired from the Marine Corps on 1 April 2022, completing over 42 years of service.

General McKenzie is an honors graduate of the Armor Officer Advanced Course, Marine Corps Command and Staff College, and the School of Advanced Warfighting. He was selected as a CMC Fellow in 1999 and served as a Senior Military Fellow within the Institute for National Strategic Studies at the National Defense University. He has a master’s degree in teaching with a concentration in history. He is currently the President of the Board of Directors of the Institute of Applied Engineering at the University of South Florida, a Distinguished Senior Fellow on National Security at the Middle East Institute, a Member of the International Advisory Committee of the National Council on U.S.-Arab Relations, and a Member of the National Security Advisory Council, U.S. Global Leadership Coalition. He is the Hertog Distinguished Fellow at the Jewish Institute for the National Security of America (JINSA) Gemunder Center for Defense and Strategy.

General (Ret.) Frank McKenzie (2025-03-13T14:26:55-04:00)

Preparing for a Ransomware Attack – 10 Tips

Criminals have always targeted financial chokepoints. In the past, this was in the form of storage facilities and transports of valuable items. Nowadays, reliance on technology and data for business operations has created a “single point of failure” for most organizations. Information System outages can completely inhibit even the most basic operations.

Ransomware is a targeted form of malware that aims to “lock” data and systems within an environment in order to extort a payment. This attack method has grown into a criminal industry of its own, complete with support staff, payment portals, and malware engineers. By targeting organizations of all sizes and industries, ransomware has become a persistent and existential operational threat. Unfortunately, there is no known method to 100% prevent ransomware from affecting an organization. The best thing an organization can do to reduce the impact of ransomware is the implementation of a comprehensive cybersecurity plan, ranging from prevention to response.

1. Preventative Cybersecurity Controls

Perhaps the most well-known cybersecurity practice on this list is also one of the most important. By preventing ransomware from running on systems, there is very little need for recovery. No single control will be completely effective against all strains of ransomware, and standard Anti-Virus is fighting an uphill battle to remain relevant as cybercriminal tactics expand.

Example Tools and Services:

  • Anti-Virus Software
  • Endpoint Detection and Response Solutions
  • Application Whitelisting Solutions

2. Detecting Ransomware

Detection of ransomware can be critical in the early stages of spreading. Often, ransomware is delivered via phishing emails or other malicious files that contain “first level” drops, which call out to a home server for the final malware package. Detection during these early phases can prevent a complete network encryption. Solutions that rely on detecting ransomware early usually require urgent manual remediation before the threat actors expand their hold.

Example Tools and Services:

  • Security information and event management (SIEM)
  • Security Operations Center (SOC)
  • Endpoint Detection and Response Solutions
  • Dark Web Scanning and Assessments (Detect Leaked Data and Passwords)

3. Incident Response Planning

Incident response planning is usually underemphasized in a system security plan. Protecting the network can only get an organization so far. An attacker only has to get lucky once. Whenever the worst does occur, best practice dictates that a plan should be in place. Every organization is not expected to have the skills, team, and resources to deal with a cybersecurity incident. However, having a pre-defined contact (outsourced) and budget to deal with these events should be at the top of any disaster planning agenda.

Example Tools and Services:

  • Internal Incident Response Team
  • Outsourced Incident Response “on retainer”
  • Established Incident Response Guidance

4. Disaster Recovery and Disaster Recovery Services

Disaster recovery services are different than simple backups. Disaster recovery planning and services are the “next level” of backup, emphasizing rapid business operation recovery in the event of a disaster such as ransomware. These services often utilize specialized tools that enable remote hosting and rapid temporary infrastructure deployment in order to immediately resume business operations while the incident response takes place.

Example Tools and Services:

  • Internal Disaster Recovery Planning with backup infrastructure
  • Disaster Recovery as a Service (Outsourced)

5. Centralized Management of Assets

Centrally managing assets is a key aspect of a complete cybersecurity and IT posture. By monitoring asset health (drive status, CPU usage, account activity, etc.), IT staff can detect anomalies indicative of a threat. Remote management capabilities enable incident responders to rapidly audit devices and control endpoints where needed. Without central management of devices, ransomware is much more difficult to deal with on an emergency timeline.

Example Tools and Services:

  • Remote Monitoring and Management Tool
  • Outsourced IT and Cybersecurity Management
  • Specialized Endpoint Security Solutions with Central Management

6. Defense-in-Depth Security Planning

Comprehensive security planning relies on a principle known as Defense-in-depth. By segmenting networks and implementing robust and redundant controls around each sensitive asset in a variety of categories, organizations can ensure that systems are protected by a diverse suite of controls. Ransomware would then need to breach several layers of defenses in order to successfully propagate.

Example Tools and Services:

  • Internal Risk Map and System Security Plan
  • Outsourced Cybersecurity Services
  • Detailed Network Map with Projected Threat Vectors

7. Threat Intelligence Feeds

Knowing the current threats facing an industry can be a significant advantage when evaluating risk. Certain ransomware groups target specific industries such as finance, construction, government, education, healthcare, etc. By staying informed on the tactics, techniques, and procedures (TTP) utilized within groups targeting an industry, relevant controls can be utilized and configured to prevent these attacks.

Example Tools and Services:

  • Custom Threat Intelligence Feed
  • Outsourced Threat Intelligence
  • Internal or Outsourced Managed Cybersecurity

8. Cybersecurity and IT Audits

Audits are key to detecting gaps within a cybersecurity posture. Whether these audits are performed by an external or internal party, their importance cannot be overemphasized. A comprehensive picture of an organization’s network can reveal glaring holes in policy or controls, enabling an effective plan of action to be created.

Example Tools and Services:

  • Annual Third-Party Cybersecurity Audit
  • Vulnerability Scans and Penetration Tests

9. Monitored and Aggressive Patching

Aggressive patching of critical security flaws in applications and operating systems is one of the most effective steps that can be taken to reduce the risk of a ransomware attack. Very often, ransomware exploits a recently discovered vulnerability in a system to spread rapidly within a network. By monitoring the patch status of devices and pushing patches on an aggressive timeline, the worming behavior of ransomware can be stopped cold.

Example Tools and Services:

  • Remote Monitoring and Management Solutions
  • Managed Cybersecurity and Patching Services
  • Automated Windows Patching and Compliance

10. Cyber Insurance

If an organization were to follow all of the recommendations above and still be affected by an irreversible ransomware attack, cyber insurance would be the key to avoiding financial ruin. These insurance agencies provide coverage based on assessed risk and will help recover from the financial effects of a successful attack.

Due Diligence

Through all these recommendations, one overall question should rise to the front of any organization’s leadership: Are we doing everything we can to prepare for ransomware? Attacks are happening on an unprecedented scale, specifically affecting critical government infrastructure and small businesses. It is no longer optional – take the necessary steps now to prepare for a ransomware attack before it is too late.


We are pleased to share this guest post from Scarlett Cybersecurity, a Florida-based leading cybersecurity provider whose mission is to simplify cybersecurity for organizations of all sizes. To learn more about Scarlett Cybersecurity, visit www.scarlettcybersecurity.com.

Preparing for a Ransomware Attack – 10 Tips (2024-07-26T16:01:45-04:00)