Our group proposal was for software called EzDetect that is meant to help prevent cyberattacks by testing for vulnerabilities. The proposals were individual projects that each group member made and sent in.
Our proposal is software that will look for vulnerabilities in software and produce a report about them. This addresses both the problem of cybersecurity vulnerabilities and the lack of training that people outside IT and cybersecurity receive. This is a common problem in today’s information age. Cyberattacks happen constantly in the world and cause billions in damage each year. This is a continuing problem for the world and is one that needs to be addressed. Having software that will perform some common avenues of attack and then create a report is a good way to start for many companies. The report could also help improve staff training, improving the chances of staff resisting social engineering attempts and phishing.
This has been a known problem in the world for years now. The earliest cyberattacks date back to 1988, and this happened to be one of the most devastating attacks, known as the Morris Worm. Since then, cyberattacks have only advanced in both capabilities and damage potential. This advancement has meant that cybersecurity is an area that cannot be compromised on. These attacks have caused both financial and societal concerns; some, like the Sony hacks in 2011, caused both, with users' information being compromised and the company losing money. Some, like the Equifax hack and the Colonial Pipeline hack, are things that could be prevented with testing software like our proposal. Equifax, as a credit bureau, suffered an attack due to the refusal to update systems and renew licenses, allowing vital information to be stolen via known exploits. While this was known in the Equifax case, for other businesses this could have been prevented with testing by cybersecurity systems like the one we are proposing. This was a failure of both people and systems: the systems were not updated and were left vulnerable, and people refused to update them. On the opposite side, the Colonial Pipeline hack was mostly a failure of training. During the Colonial Pipeline hack, an operator clicked a suspicious link that locked the systems down with ransomware. The result of this was a temporary shutdown of the pipeline and some hysteria in affected states. Other attacks are sponsored by governments, like North Korea attacking Sony, or Chinese groups targeting companies like Microsoft. These attacks present a whole new avenue to defend against because a government-affiliated entity has more resources for an attack than a regular group. I have listed cyberattacks that have had long-reaching consequences, and this doesn’t even touch the number made per day or the use of cyberattacks as warfare and activism.
This leads to the reasoning behind our problem, as it can mainly have two sources: attacks and human error. With the potential of ruining not only lives but also businesses, cyber vulnerabilities and the lack of training people are given will cause significant damage.
Our solution to the problem is software that is meant to search for vulnerabilities and produce a report about them, otherwise known as penetration testing. Our software will give a business or group a look into what they will be vulnerable to, and we can use that report to develop a training program to help combat this threat. This could mean pointing out the vulnerabilities in a specific piece of software, or testing users with attempts at phishing. There are a lot of methods available to use for testing. Because of this, it will also be important to develop the training part with specifics in mind. It will need to be determined who will be receiving training, and why. A low-level clerk or representative will not need training as intense as an IT or cybersecurity team member. Our software may need specialization too, as cybersecurity is a broad field and focusing on everything will be hard to achieve at first. Once the software has its report, we can make some baseline modules for the training so both depth and length could be modified. Both of these aspects working together should provide a good buffer against attacks.
I expect us to come across a couple of barriers in trying to make this entrepreneurship work. The first one would be the actual work required for both the software and the training. Software meant to identify vulnerabilities means we need to have software capable of making these attacks, which may be difficult to make at first. The training will also need to be applicable to most people and those in the industry, so it needs a wide range of content. Aside from technical skill and the mechanics behind the attacks, I expect the second barrier to be marketing. Pentesting is not a new field, and this means that as a new business we will need a way to stand out from the established groups. Without decent marketing it will be hard to get clients for the business. The third barrier that I think we will hit is cost. Staff, development and marketing are all going to cost money, so starting with enough funds, and being able to run the business for a few months to a year at least, is a must; otherwise we risk going bankrupt or into debt. Having both effective budgets and a good amount of starting capital will be needed. The 4th barrier will be staff, as we will need to both construct the product and manage a business. So we would need at the very least software engineers, management, and accounting. Each of these would be needed to make the product and ensure the business stays on point. I think the 5th and 6th barriers will be information security and software requirements. We will need to keep up with both the cybersecurity regulations and the requirements of software, as these will change more often than in other industries. We would also be collecting a large amount of user data, and this itself needs to be protected from attack. Failing to protect this data will not only make us incur financial damages, but also incur reputational damage.
Finally, we have success. I think we have a few goals to meet if we want to declare this a success. The primary thing we need to declare this a success is for the software to work. For me this means the software needs to be able to determine several different vulnerabilities and translate this to a readable report. Then an effective training program needs to be built from this report. Having a decent product is going to be the key to the success of our entrepreneurship as a whole. The second measure would be getting good returns on our initial investments and expenses. Making enough to both cover operations and leave room to expand means we will have successfully gotten out of the initial stages of the business and have a better chance of succeeding. Not reaching this will mean that our software and business are quickly going to be running out of money to run. A third measure would be receiving good feedback. The software will need to be popular and effective with users to continue use, so receiving good feedback on it is an easy way to measure that. This feedback will also help us refine the product and make it better or expand it. The final way we can measure success is that the software actually helps reduce the risks companies will face from vulnerabilities. By both detecting vulnerabilities and training users, the overall risk of an attack should go down. This will be one of the more important measures for success that we will have, as it means the product itself is actually working.
Included below is the social media page Austin set up for our project.
