Cybersecurity Isn’t Just About Protecting Passwords: It’s Shaping Tomorrow’s Defenders to Secure Small Businesses

TL; DR: The first thing you should know about cybersecurity is it’s not reserved for mega-corporations with millions of customers and personal data. Cyberattacks can happen to anyone — and many attackers specifically target small businesses because they often don’t have the proper knowledge, tools, or resources to combat these threats. Through work with the Free Cyber Clinic, Yoohwan Kim, a computer science professor at the University of Nevada, Las Vegas, is leading efforts to educate and safeguard local businesses from cyberattacks.

In a world where cybercriminals are getting more adept and technology is advancing at an unprecedented rate, cybersecurity is a crucial tool that everybody should know about. Just as you would look both ways before crossing a street or ensuring your oven is turned off before you leave the house, integrating cybersecurity is another layer of protection in our everyday lives.

This is especially true for small businesses, which are primary targets for cyberattacks. In fact, small and medium-sized businesses (SMBs) faced nearly 700,000 cyberattacks in 2020 alone.

Yoohwan Kim, a computer science Professor at the University of Nevada, Las Vegas (UNLV) with decades of cybersecurity experience, works to help safeguard local small businesses from online threats. Professor Kim collaborates with students and other professors in the university’s Free Cyber Clinic to offer complimentary education, resources, and assessments to fortify these businesses against potential cyber risks.

For the past 19 years, Professor Kim has taught computer science at UNLV’s Department of Computer Science. During his tenure, he’s also authored more than 150 studies on topics from blockchain technology to cybersecurity, making him one of the leading US computer security researchers.

“I was initially researching DDoS attack prevention,” Professor Kim recalled, referring to 2001 before he got his Ph.D. from Case Western Reserve University. “Around that time, there was a major DDoS attack — and it drew me to cybersecurity, which eventually became the focus of my dissertation.”

Now, as a professor of computer science, Professor Kim also helps spearhead UNLV’s Free Cyber Clinic, which aims to arm small businesses with the knowledge and resources to stay secure online.

Since its formation in 2021, it has helped multiple small businesses assess threats and educate SMBs on improving their cybersecurity posture.

The problem? Many SMBs don’t think they’re a target at all.

“These businesses can range from one-person operations to those with around 20 employees,” said Professor Kim. He explained that small businesses are targets for a couple of reasons: “Smaller companies often lack IT expertise, and their founders are usually busy with other responsibilities, leaving them vulnerable to cyberattacks.”

While SMBs could easily hire someone to upgrade their security or perform an audit, the problem is that cybersecurity services are expensive — often costing at least a few thousand dollars. But this isn’t surprising when considering the cost of a cyberattack on SMBs with fewer than 500 employees averages around $3.31 million.

Small business owners must realize that regardless of size, every organization is vulnerable to cyber threats. Even companies with just a few computers can be targeted. Professor Kim says acknowledging this threat is the first step.

Then, they can explore online resources, such as the Cybersecurity and Infrastructure Security Agency (CISA). They should focus on implementing basic security measures, like changing default passwords, activating multifactor authentication, and staying informed about cybersecurity best practices.

“With just a couple of hours of effort, they can strengthen their cybersecurity defenses,” said Professor Kim.

UNLV’s Free Cyber Clinic started when Kim realized the gap in cybersecurity with small businesses, so he and his students formed a group that can assist and educate local small businesses with cybersecurity.

Now, the Free Cyber Clinic partners with UNLV’s Nevada Small Business Development Center (SBDC) to identify clients who could benefit from their services.

The clinic currently offers three types of assistance: assessment, remediation, and education. They visit clients to examine critical assets and analyze any risks or vulnerabilities that need to be addressed. Then, they recommend solutions to discovered problems and offer assistance when implementing them. Additionally, they provide information and resources to clients who need a deeper understanding of cybersecurity.

So far, the clinic has been successful. The progress has been so steady that the Free Cyber Clinic organized its first cybersecurity clinic workshop in Washington, DC, in June in collaboration with the Consortium of Cybersecurity Clinics.

“We use resources from organizations like the Office of the National Cyber Director (ONCD) and CISA, which provide us with tons of knowledge and support,” added Professor Kim.

UNLV has also been designated as a National Center of Academic Excellence in Cyber Defense (CAE-CD) by the NSA. UNLV is among a select group of universities in the nation that have received this designation.

But the clinic doesn’t just help small businesses, it also empowers UNLV’s students by offering them the essential cybersecurity training and support for cybersecurity certifications, such as Security+. When completed, the students can begin applying what they have learned in the real world.

Professor Kim said this experience is a great way to enter the field since it can be challenging without the right expertise. “By serving the small business community, the students can get this critical, immediate, hands-on experience,” he said.

No matter the company, service, or product, AI is everywhere — from customer service chatbots and recommendation systems to self-driving vehicles and medical diagnostics. So it’s no surprise that AI may also play a significant role in cybersecurity.

Professor Kim says AI and machine learning (ML) are at the forefront of cybersecurity discussions. “We’re entering an era where these technologies will compete for both sides,” he said.

He equated it to a cat-and-mouse game between attackers and defenders: Hackers are leveraging AI/ML to create more sophisticated attacks, whereas, on the other side, AI/ML can uncover previously undetected attack patterns.

While cyberattackers can create elusive malware that is difficult to detect, incorporating AI into cybersecurity software can be used in several ways. One way is called anomaly detection. AI and machine learning algorithms can analyze vast amounts of data, learning standard behavior patterns within a system or network. So when any deviations are detected, it could indicate a potential cyberattack or breach.

“Right now, AI and ML are a hot issue,” mused Professor Kim, “but both will definitely change the cybersecurity landscape.”

In our interconnected world, taking steps to safeguard your business is invaluable. Secure your business with help from UNLV’s Free Cyber Clinic today.