UNIVERSITY PARK, Pa. — Cybersecurity Awareness Month is an annual national campaign administered by the U.S. Cybersecurity and Infrastructure Security Agency. This year’s theme, “Building a Cyber Strong America,” emphasizes the need for individuals, businesses and government sectors to do their part to stay secure online.
In this Q&A, three faculty members of the Penn State College of Information Sciences and Technology (IST) discussed what cybersecurity is, how it’s evolving and what the average person can do to secure their data.
-
Dongwon Lee, professor and interim head of the Department of Privacy and Security Informatics in the College of IST, is the principal investigator of the U.S. National Science Foundation CyberCorps Scholarship for Service Program at Penn State.
-
Nick Giacobe, associate teaching professor, is the coordinator for the cybersecurity and analytics bachelor’s degree program in the College of IST and the point of contact for the U.S. National Security Agency Center for Academic Excellence in Cyber Defense Education at Penn State.
-
Matt Ruff, lecturer in the College of IST, was a technical intelligence officer and graduate fellow at the Central Intelligence Agency and an information management technical specialist for the U.S. Department of State.
Q: What is cybersecurity?
Giacobe: In short, cybersecurity is ensuring that computer systems are only ever used by those who are authorized to use them: Only the people at your bank should be accessing the bank's systems and making authorized changes to your account; only your doctor and the appropriate staff at the office or hospital should be accessing your medical records. I often think of security as that action being done on behalf of the company or organization to meet legal requirements to keep their systems secure. Of course, we cannot discuss “security” without discussing privacy — that is, the security of your own information that is inevitably held by others.
Q: How is cybersecurity evolving?
Lee: The definition and scope of cybersecurity have expanded dramatically in recent years. It’s no longer just a technical challenge focused on defending systems, detecting malware or stopping hackers. Today, cybersecurity is about safeguarding complex ecosystems where humans, machines and artificial intelligence (AI) models continuously interact — often in ways that have significant societal impact. The field has evolved from reactive defense to proactive resilience, emphasizing how to anticipate and prevent attacks before they occur through privacy-preserving technologies, AI-driven intelligence, zero-trust architectures and informed human and policy understanding. At the same time, new soft threats such as misinformation and data manipulation have emerged, reminding us that cybersecurity is also about protecting the integrity of information and maintaining public trust, not just keeping “things” safe.
Q: Why do people need to pay attention to cybersecurity matters?
Ruff: Cybersecurity affects everyone and everything, regardless of how much — or how little — you care about it. From the power grid to cellular networks to personal email accounts, virtually anything can become a target. And for anyone who asks, “Why would anyone be interested in me?” — attackers can access your data and either sell it or hold it hostage by locking you out of your files and demanding payment to unlock them.
Giacobe: It can be difficult to manage cumulative risk or assess the likelihood of low frequency, high impact events. If it hasn't happened to you, you may assume that it never will. However, cybersecurity issues can have a disastrous impact that is complex to clean up. Simple issues like password reuse or inattentiveness to the right email address can result in individual catastrophes. Losing access to an email account due to a weak password can start a domino effect of financial fraud.
Q: How can the average person secure their data?
Ruff: You can take a few simple steps to secure your data — none of which are time-consuming or particularly difficult. The first is to use a password manager, which stores login credentials, such as usernames and passwords, and typically works on all your devices. Once your passwords are saved, the manager can flag reused passwords and assist in updating them across various websites. Popular examples include Bitwarden and KeePass.
I also recommend using an ad blocker in your web browser. Many people overlook the data websites collect, often clicking “accept all” when prompted about cookies. However, this data can be used to track your activity across the internet.
Giacobe: Establish two-factor authentication on all email and financial accounts. Have a backup two-factor mechanism other than your phone, so that you still have access if your phone breaks or is lost or stolen.
Use a virtual private network (VPN), especially on public networks. Penn State provides students, faculty and staff with a free VPN service for business and personal use, which can be handy if you are traveling or frequently using free local Wi-Fi. At a minimum, secure your data back to Penn State's network.
Limit a hacker’s ability to open new credit in your name by freezing your credit with all three credit bureaus. You can always thaw your credit when you need it — such as when you apply for a new credit card, get car insurance or apply for a lease.
And make sure you apply all updates to your software, applications, operating systems and devices. Don't delay — install them as soon as possible, because hackers are reverse-engineering any security updates to make exploits the day that they come out. Don't wait.