Take Five

Maurice Dawson, assistant professor of information technology and management and director of Illinois Tech’s Center for Cyber Security and Forensics Education (C2SAFE), researches and travels the world speaking and advising on cybersecurity as a global issue, particularly in developing countries.

We hear a lot about global cybersecurity concerns. How fast are they growing?
A: It’s extremely fast as technologies continue to modernize. COVID-19 has shifted a lot of things, a lot of things are hybrid. You think about people working virtually, now they’re having to trust the infrastructure of the countries they’re living in. Are [those countries] securing data and information in the global supply chain? When you think about privacy laws in Europe, when you’re doing business with these countries, you have to be compliant with the General Data Protection Regulation (GDPR) to do work with them.
What are some examples of developing countries that are making great strides in advancing their cybersecurity capabilities?
A: I mentioned that it seems like everybody’s having issues with manpower due to emigration. An exception is Botswana, where student citizens get land and money for school. They’re well educated, and they often stay. Paraguay’s Instituto Nacional de Tecnología, Normalización y Metrología is modeling the United States’ National Institute for Standards and Technology cybersecurity standards as these are baseline standards. Estonia was brought down for two weeks—the government, banks, infrastructure, everything—over the removal of a Russian statue. They now teach computer programming at an early age.
What are some of the challenges and vulnerabilities that developing countries have when trying to integrate cybersecurity programs and policies?
A: A lack of trained manpower and weak internet policy laws that protect the people. Some countries are dictatorships where everything is controlled by the government. The legal regulations are slow to catch up. As technology advances, the existing regulations lag behind, failing to offer sufficient cybersecurity measures, thus exposing organizations and individuals to vulnerability. When I was in Gambia several years ago, for instance, they used to have one individual, and his focus was to make sure he stayed in power. They had technology, but there was no national cybersecurity policy. And when these countries do train people, those people often leave for greener pastures.
What are some of the newest methods or tactics of a cyberattack, and how can we counter them?
A: With tools like artificial intelligence, scammers in non-English-speaking countries can now write messages that sound more authentic. Then there’s technology that people just allow on their phones. The Blu Phone sent users’ personal texts to a server in China. TikTok gets control of apps on your phone that it doesn’t need. You worry, “They can hack this, hack that,” but do you realize you’ve downloaded an app that lets them do that? People need to read end-user agreements! You could ban TikTok, but people could still jailbreak their phone and put it on. The biggest thing is educating people—awareness about these particular items, even in this country.
Why is it important to be concerned about cybersecurity in developing countries?
A: As we are trying to expand our global reach and do business with developing countries, we need to make sure that we are safeguarding our data as well. When you look at a supply chain, if there is one weak point, that point can be exploited.