Last week, the North Carolina Attorney General’s Office announced that it had reached a settlement with TD Bank that resolved “concerns about the bank’s 2012 loss of unencrypted backup tapes that contained 1.4 million files.”
Those files contained personal information belonging to about 260,000 of the bank’s customers nationwide.
The TD data breach is among a growing number of such events happening to businesses when hackers gain access to their electronic records. According to the AG’s news release, so far in 2014, 348 security breaches of 220,322 North Carolina consumers’ information have been reported to that office. In 2013, businesses and government agencies reported 514 breaches that potentially compromised information about more than 1.5 million North Carolina consumers.
“Consumers entrust their personal information to businesses, and businesses have a responsibility to protect that information,” state attorney general Roy Cooper said in the release. “Reporting security breaches is a start, but banks and retailers must do more to stop criminals from
getting their hands on customers’ information.”
A group of tech-savvy students at University of North Carolina Wilmington are paying attention,
and they are preparing for careers in the demanding and in-demand field of cyber security. Because UNCW offers no cyber security degree or program, they have taken the initiative to educate themselves: inviting speakers, setting up workshops and organizing practice sessions, playing data defense against an opposing team of local security professionals posing as hackers.
Three years ago, several of the students approached Ulku Clark, associate professor of management information systems, to see if she would serve as advisor to their newly formed Cyber Defense Club.
In March 2013, a year or so later, the club’s team qualified through an online competition to progress to the Southeast Regional Collegiate Cyber Defense Competition at Kennesaw State University in Georgia and placed second.
“It was remarkable, because they came from a school with no security program, no engineering program, and at that time, no IT major,” Clark said. “They were competing against schools like Florida State University and UNC-Charlotte that have very successful programs.”
When Michael Piwowar, U.S. Securities and Exchange commissioner, visited UNCW last spring, he asked to have lunch with the club members. Soon afterward, at the U.S. SEC Cyber Security Roundtable, he mentioned them publicly.
“In particular, I want to give a shout out to a wonderful group of students and faculty sponsors who are doing amazing things related to cyber security, the UNCW’s Cyber Defense Club,” he said. “I learned a lot about cyber security issues, including the importance of balancing security needs against business needs, in my discussion with these very bright and motivated students.”
Because Clark was on maternity leave in the spring of this year, the UNCW club did not attempt to field a team, but this semester, the students are in full combat mode.
At one of their self-organized lunch and learn sessions recently, they explored the topic of firewalls with Sammie Carter, associate director of technology at N.C. State University’s William and Ida Friday Institute for Educational Innovation.
“The  team was assembled strategically, with a good captain, a network guy, a systems administrator and a program guy,” Clark said, explaining that a successful team has expertise in a number of areas. “This year we have a great team and team leader. By the end of this semester they will have enough skills to be effective. The online qualifier takes place in January or February. The regional competition will take place in March.”
The club has joined the National Cyber League, which offers a variety of online cyber security exercises – in fact, one of its programs is called a gymnasium – for individuals and teams, said club president Callie Toothman, a student in UNCW’s computer science and information systems master’s degree program.
“We’ve got 18 registered users and two coaches,” she said.
Clark said she is working to get financial support for the team’s travel expenses to Georgia and will start writing grants for cyber security education at UNCW now that the Cameron School of Business has added an IT major and two additional faculty positions to support it. That will allow the school to become a Center for Teaching Excellence in the field, a designation that brings grant opportunities.
Meanwhile, club members are beginning to reap the benefits of their initiative. Toothman and former club president Ray Haddock have both accepted post-graduation jobs with GE’s Leadership Program, which will prepare them for future positions as a company chief technical officer or chief information officer. With their knowledge of cyber security, Haddock said, they will be ready to build and maintain systems that won’t fall prey to hackers.