Research News

Cyber security.

Nationwide reporting system would help stem cybersecurity breaches

Editor’s note: This is the third in a series of stories in which we asked UB faculty mem­bers to think big: If they had unlimited time, money and persuasion techniques, what audacious idea from their fields would they want to implement today?

By ERIN PETERSON

Reprinted from At Buffalo

Published September 16, 2016 This content is archived.

Print
“It’s not just that we need to have a way to report these breaches; we also need to create a culture of reporting. ”
Arun Vishwanath, associate professor
Department of Communication

The problem: Cybersecurity

The big idea: Develop a nationwide 911-type system for reporting online breaches.

Arun Vishwanath is an associate professor of communication.

Arun Vishwanath.

Right now, the single biggest threat to cy­bersecurity and national security is “spear phishing” — a targeted email scam that appears to be from an individual or business that you know, but is actually from a hacker.

The scale and scope of these problems are enormous and likely to get bigger over time. So much of our data is stored online — our business data, our health informa­tion, our financial information. We need to stop this. If we don’t, all of our information could get released and we could suffer consequences for the rest of our lives.

So how do you stop it? If you get something suspicious at your work email account or your home account, who do you contact? You probably don’t know. That’s why my big idea is a simple, nationwide, 911-type system for reporting online breaches.

For example, we know that less than 30 percent of people fall for these phishing at­tacks — but that’s enough to make the breach spread. So I’d like to see a system where those 70 percent who recognize an attack have an easy way to report it and get feedback. The person would report it and receive a call within 24 hours from this organization to explain what it’s doing to resolve it.

But it’s not just that we need to have a way to report these breaches; we also need to create a culture of reporting. In many cases, it takes more than a year for an organization to discover a breach because no one is reporting it. A culture of reporting and a system that allows us to take action on these reports could shorten this cycle and make a big difference.