The University of Worcester has recently opened its brand-new Cyber Lab – a special facility where the cyber professionals of the future will hone their skills and learn what it’s like to work on a network when it’s under attack. Richard Wilkinson, Head of the Department of Computing, shares his thoughts on the current cyber-crime climate, the people who commit the crimes, the businesses at risk, and the students training to take on the criminals.
When we think of firms targeted by criminals, we think of jewellers on a high street, or businesses holding a lot of cash but, in recent months, the firms hitting the headlines after cyber-attacks aren’t the kind you’d associate with having expensive items to steal: local authorities, a housing association, IT service providers.
They might not have fleets of fancy vehicles or cases full of diamonds, but what they do have is data and network infrastructure.
These, in the eyes of a cybercriminal, are like supercars. They’re valuable, they’re desirable, and there are people who’ll break the law to get at them.
Richard says, “The obvious reason for taking this seriously is the financial impact cyber-crime has on businesses. If they are hacked by ‘bad actors’, it can seriously harm a business and its reputation.
“There are different types of attack. There’s ‘denial of service’, where the criminals attack someone’s website or network to stop it functioning. They might go to an ecommerce website and just constantly try and access it, thousands of times a second. The attack makes their website become unresponsive and that really hurts because the business can’t use their web infrastructure.”
Richard adds: “Because the organisations are so reliant on their websites now, when it goes down and it can’t function, that could mean the team aren’t able to work for a few hours which in turn can mean tens of thousands, or even hundreds of thousands of pounds, worth of business being missed out on.”
He continues: “Then there’s ransomware attacks, which use things like phishing emails, where the attacker sends an official looking email which purports to be from someone within that organisation, saying ‘reset your password’ or, ‘click this link’. It looks like it’s come from somewhere like the IT department.
“When you click that link and give your password details, it allows these people to access your system using your login, your username, your password. Once they’re in, they can install software which takes over the entire system.
“The hackers might then send a message saying, ‘Pay us X amount of money and we’ll release your computer’, but there’s no guarantee that they’ll even do that if you pay them.”
Richard reflects on who these criminals really are: “A lot of them are very clever people, they’re very well versed and trained in the methods of hacking and they don’t necessarily do it for financial gain, sometimes they just do it for credit, for kudos, for being the one that can do it.”
Today, the Department of Computing at the University of Worcester is an exciting place to be. In September, it launched a new degree in Cyber Security, and it has a real-life working network for the students to practice on.
Richard says: “We needed something dedicated for our students to learn cyber security from for the new degree, and we’re really proud of the Cyber Lab. It’s a big investment from the University of Worcester and it’s going to allow us to train up the cyber professionals of the future.”
The closed nature of the training network means the students can see what an attack will look like.
Richard says: “We can deploy some of the techniques which hackers and cyber attackers use so we can show the students how to defend against them as they’re happening.”
But who are the people training to take on the criminals? People who aspire to work in cybersecurity don’t need in-depth skills like programming to work in the field.
“We teach students from the ground up,” he says. “People coming onto this course don’t have to have any previous computing knowledge, or even any computing qualifications, we start at the beginning and train these professionals.
“While the cyber criminals are very clever people, we’ve got a lot of very clever people as well and we can train them in the ways of the cyber criminals so they can deter them, they can fight back against them and help organisations get to a place where they’re less vulnerable.
“Ideally, a cyber professional is someone with a logical mind, but that’s not restricted to people who have grown up with a love of computers. It also includes musicians and mathematicians – we find that people with an artistic mind are also very good at logical thinking, and that’s what’s required.”
It’s an exciting time for a graduate with a degree in cyber security to be in Herefordshire and Worcestershire.
“We have a lot of high tech and cyber companies around us in places like Malvern at the science park, and the jobs are there,” says Richard.
“We work very closely with those local businesses and they’re constantly coming to us with these graduate opportunities. Until now we’ve not been able to fill those graduate opportunities because we’ve not had those cyber security professionals, but now we are creating them, and they don’t have to up sticks and move to the big city to get an exciting job in the industry.
“The hope is that they’ll stay local, and work in the local economies when they graduate.”
The University of Worcester’s website offers more information on the cyber security degree and opportunities for your own learning and career growth.
For more information on how the University of Worcester is preparing students for a life in cybercrime and computing, visit Worcester.ac.uk. Applications are still open for September 2024.