We all know that sensitive data held by corporations and organizations like the University of Dallas can be compromised by hackers. But who are these hackers and what do they want from us? Craig Maccubbin, Executive Vice President and Chief Information Officer, WestJet Airlines, and former Vice President and Chief Technology Officer, Southwest Airlines, spoke last spring to a group of UD students, alumni, faculty and staff about the risks hackers pose to organizations large and small, as well as the measures companies must take to prevent bad actors from compromising An airline’s crucial IT systems.
Maccubbin explained that there are basically five categories of so-called hackers, each with their own particular set of motivations and subsequent associated risks.
One such group are cyber criminals, whose main goal is to steal customer information like credit cards and social security numbers. Because airlines process billions of dollars worth of credit card transactions every year, fighting this group is of particular importance. Airlines must employ large numbers of cybersecurity experts and maintain constant vigilance in order to protect their customers’ data.
Maccubbin said that another group of hackers include nation/state actors like China, Iran, and Syria, whose goal is cyber espionage revolving around trade secrets stolen from American companies.
In recent years, many terrorist group have also developed cyber attack wings that prowl for weaknesses in IT systems, threatening basic airline operations like ground ops. Terrorist hackers are of particular concern for airlines and other areas of vital infrastructure.
According to Maccubbin, Hacktivist groups like Wikileaks also present a challenge to American businesses by stealing confidential documents and correspondence in an effort to embarrass their victims. “They want to make a statement,” he said. “And they’ll go to great lengths to do so.”
Finally, independent hackers may try to damage large systems for a variety of reasons. “They may be looking for notoriety,” Maccubbin said. “Or they could even be disgruntled employees looking to give advantages to a competitor.”
All of these categories of hackers present their own unique challenges to the airline industry and Maccubbin says that IT departments must be careful to analyze the motivations of each group in order to determine how best to fight them.
Maccubbin also had a few words of advice to help students and faculty protect their own vital information from bad actors attempting to gain access to personal information.
- Don’t open suspicious emails. If you’re not sure whether the email is authentic, check the address. Phishing scams will often come from emails addresses that are off by one or two letters from the authentic address.
- Don’t use USB drives. They are the easiest way to spread computer viruses.
- Use a complicated password. McCubbins recommends using one that takes the first letter of the words in the first line of your favorite song, using capital and lowercase letters, then adding a special character and a 5 digit number only you would know (not your birthday!).
- Don’t use the same password for every website.
Maccubbin stressed that although airlines are on the forefront of battling cyber criminals with state-of-the-art cybersecurity teams, it’s up to us as individuals to protect our data. “We have to be personally vigilant,” he said. “Because we each have the opportunity to make the world a better place.”
The University of Dallas Executives on Campus program was founded to further the University’s mission of providing practice-based education by inviting successful business leaders to share their experience with graduate and undergraduate students in the classroom. Through this program, alumni, business leaders, and their companies are invited to partner with the University in our shared pursuit of management excellence.