Improving Cyber Security through Research and Policy
Winners of the Junior Academy Innovation Challenge Spring 2023: “Cybersecurity”
Sponsored by NEOM
Published January 11, 2024
Team members: Jessica K. (Team Lead) (United States), Ritwik D. (United States), Neha B. (United States), Bhavya D. (United States), Farah M. (Jordan)
Individuals, businesses, and governments increasingly operate in a digital landscape. But as homes, medical systems, banking services, and key infrastructure connect via complex online networks, cyberattacks have increased exponentially. Developing strong protections against various forms of cyberthreats has become critical.
Enter Cybersafe, the 5-student American/Jordanian collaboration that formed the winning team in the Spring 2023 Cybersecurity Innovation Challenge.
“I’ve been thinking about two things: collaborating with cybersecurity experts and conducting user research,” says Bhavya.
A Focus on Phishing
After thorough research on various cyberthreats, the team evolved to focus on “phishing”, an illegal practice that uses fraudulent emails to manipulate recipients into divulging private information– information used for blackmail, identity theft, embezzlement, and even resale to other criminals.
Email remains the hackers’ easiest route to breaching online security and obtaining sensitive data. The scale of this cyberthreat is staggering: Every day, 3.4 billion fraudulent spam emails are sent around the world, using fake sender addresses to deceive individuals into revealing sensitive information. The consequences for victims can be devastating.
In 2022 over 300,000 phishing claims were filed in the United States alone. This is a 61% increase compared to the previous year– with costs estimated at $2.7 billion. Cybercriminals are often hard to trace, particularly because they tend to select victims carefully, focusing on vulnerable, often elderly people. Phishing perpetrators often avoid attracting attention by launching large numbers of small attacks. To coerce and deceive their victims, they keep in touch with trends and constantly adjust their messages and tactics.
A Two-Pronged Solution
Through brainstorming and effective teamwork, the students came up with a two-pronged solution to curb this global scourge.
“I gained a lot of insights from this experience and learned how to work with someone rather than under someone,” says Farah. “I took on various tasks so we could share the workload evenly and efficiently.”
First, they focused on developing software that enables Artificial Intelligence (AI) to interact with and enhance testing systems on smartphones, tablets, and laptops. These systems can automatically analyze emails and attachments in order to detect malicious content.
“One of the most valuable things I learned from this experience was the importance of open communication and collaboration,” says Neha. “I found that by working together and sharing our ideas, we were able to create a stronger end product than we could have individually.”
Advocating for Policy Changes
In addition to this technological solution, the team members advocated for policy changes to better protect the public from cyberhackers. In particular, they suggested new legislation to prevent tactics such as impersonation of co-workers or relatives in order to coerce victims into soliciting private information, clicking on malware links, or downloading harmful attachments.
The law would impose tougher penalties on cybercrime perpetrators, increasing fines and the likelihood of imprisonment. It would also require the most frequently targeted companies and organizations (in 2020: financial services, payment platforms, and webmail) to update their security protocols on a regular basis, implement two-factor authentication, and increase funding for cybersecurity research and development.
The students felt confident in their twofold solution to combat phishing and improve the security of personal devices: 1. With the help of AI, identify and filter harmful emails and alert potential victims, and 2. Enact new legislation to improve cybersecurity and impose harsher punishments on online criminals.
A Dual Approach
Developing this dual approach involved hard work for the Cybersafe team. This was particularly evident when it required coordinating the time zones of two separate continents. It also offered them opportunities to discover new fields and acquire new skills.
“Normally my project revolves around nature and ecologic science, so this was a nice time to try something new and test my recently developed skills,” says Ritwik. “Although I have a very busy schedule outside the Academy, I tried to make the best of my free time and dedicated myself to this project.“
After successfully completing the challenge, the students felt enriched by the experience and proud of their joint achievement– made even sweeter by learning they were the winning team.
“I learned a lot of collaborative skills from this project, including how to lead and participate in a team setting,” says Team Lead Jessica. “Working with this team was a wonderful experience and I look forward to future collaborations.”