By AARON MUDD

amudd@bgdailynews.com

As high-profile data security breaches continue to expose consumers and rock companies, information technology professionals are struggling to fend off future attacks from hackers. 

Christopher Royse, an assistant professor of computer and information technologies at Southcentral Kentucky Community and Technical College, said the problem stems from a shortage of professionals who are up to the task. 

“We have a lot of people that are good IT people, but they don’t know the fundamentals of information security,” Royse said. 

To combat that, SKYCTC launched a two-year Information Security program this fall modeled around education standards set by the United States National Security Agency and Department of Homeland Security. 

Students practice hacking techniques and how to counter within a secure computer lab to simulate problems they might encounter on the job and courses focus on computer networking, digital forensics and network defense. It’s part of a broader effort to “train people for in demand, high wage jobs,” Royse said. 

“We need people in the pipeline quicker,” he said. “The instances of cyber warfare and crime have only increased.” 

Art McFadden, chief technology officer with the digital forensics firm Millstone Labs, agreed that only a small portion of IT professionals focus on security. 

“With my experience in cyber crimes it became obvious that we need more security trained personnel in the industry to help prevent these types of crimes to begin with,” he said. 

McFadden is teaching courses in the program along with Mike Lemon, the owner of Millstone Labs. 

“It’s think it’s very diverse they have a very good overview of real world problems,” Lemon said of the program. Lemon said the program’s teachers are able to pull from their current work in the field and translate principles into practical experience for securing sensitive information. 

“Securing that information is pretty vital to not only the security of your business but also the security of your person,” he said. 

That was the case for about 50 Western Kentucky University employees in February 2015, who found fraudulent tax returns filed in their names after insurance plan provider Anthem reported a data breach earlier that month. The breach actually involved millions of then-current and past Anthem customers.

“We will be dealing with that for years. That is not over yet,” said McFadden, predicting more identity thefts in the future. 

When it comes to maintaining security, individual users are the weakest link, meaning IT professionals can only do so much. McFadden said IT professionals need to lead a mindset of collective responsibility within their organizations and educate users and employees on how to navigate a perilous security landscape. 

Royse agreed, adding that even internet-connected thermostats, lightbulbs and other devices can be weak points for attackers. 

“The devices are designed for convenience and often times not with security in mind,” he said. 

One of the biggest threats facing companies, Royse said, is a malicious software known as ransomware. The software can cripple businesses by encrypting valuable information, effectively locking it away until a sum of money is paid to the attacker. 

“With modern encryption, you can’t take it to Geek Squad,” Royse said. 

The problem isn’t easily fixed, but it can be prevented. Trained technicians can set up security systems, create backups and, above all, set policies and educate users.

“That’s really the most important thing,” Royse said. 

— Follow education reporter Aaron Mudd on Twitter @BGDN_edbeat or visit bgdailynews.com.