Cybersecurity: What happens when institutions are attacked?
Getting robbed at gunpoint and having someone break into your home after disabling your security system — these are a couple of ways cybersecurity professionals describe the dangers of the cyberworld.
The internet, and all it holds, may not be a physical place, but experts such as John Ziegler stress that the danger is real. Ziegler is an associate provost for information and administrative technology services at Slippery Rock University. His job is to defend the school from prying cyber eyes.
“The best way to think about it is as a house,” Ziegler said. “You have perimeters around the house like firewalls and then in the house you have protocols to manage access so a lot of that is done with hardware. We have things in place to verify who is supposed to be here.”
People try to hack into institutions for an array of reasons, Ziegler and others noted. But the most common motive is to get money. One of the biggest threats to companies and institutions of all sizes is ransomware, a type of malicious software that infects a computer system and locks the original users out of accessing it. In most of these cases, hackers will typically require a ransom (hence the name ransomware) in exchange for unlocking the system.
Another form of hacking hijacks computers for Bitcoin mining, a process that creates a digital currency and is highly taxing on a computer.
Like the other experts interviewed for this story, Ziegler declined to give specific information about the school’s defense network out of a concern that he would be compromising the school’s safety. But he noted that the school has a dedicated team dealing with cybersecurity.
“Internet crime is bigger than face-to-face crime,” Ziegler said. “One of the hardest pieces is having people understand there are issues out there.”
Ziegler noted that attempts to get into the school’s system are made on a daily basis.
“We try to teach our folks about awareness,” Ziegler said. “People are starting to become more aware, but we still have a ways to go, but it's much better than it used to be.”
“Most ransomware security issues are caused by someone inside the system, about 85 percent, I would say,” Ziegler said. “We have to deputize everyone and try to get people aware of these things.”
So for Slippery Rock University, emails received by students and faculty will have a warning on them if they come from someone outside of the school’s email network.
And the safety features of the school’s cyber network are constantly being stress-tested by students who try to break the system as an exercise.
“We have a stress test every day. This stuff doesn’t stop. We have to be diligent 24/7, 365 days,” Ziegler said. “So, we have to have different layers of security, like a house's security. There's a lot of roadblocks, and we have to be vigilant every hour. It's one of the hardest things to deal with.”
Part of making the system strong requires staying abreast of the latest hacking methods and keeping up with system updates.
“We have reports coming in every day, and make decisions over that,” Ziegler said. “We also get information from different police agencies, IT groups, vendors.”
Ziegler said that they have “patch Tuesdays. That's when security patches are released from Microsoft. You have to stay on top of those patches. You have to make sure your systems are up-to-date so they’re not vulnerable. Security is very proactive. And a lot of it is very reactive. Much like a police department.”
The tradeoff for convenience and connectivity might seem like too high a price to pay, but Ziegler said there is no going back to simpler times.
“The whole thing always scares me. The beautiful part of tech is accessibility and being able to get the data you need, but on any given day something bizarre could happen,” he said.
And Roger Lutz, Butler Hospital’s Chief Information Officer, said that the problem is something everyone faces.
“This is an unbelievably complex issue, and it's one of the biggest issues we face as a nation,” Lutz said. “Cybersecurity professionals are in high demand.”
Lutz noted that there is no cybersecurity system that will keep out all bad actors.
“Any time you're connected to the internet, it's a constant state of risk management,” Lutz said. “What we do to address that is an end-to-end cybersecurity framework.”
Lutz continued, “The phrase now is no one can be 100% cyber-secure, so you have to be cyber-resilient. You detect cyberattacks in various stages of unfolding.”
And hopefully a minimum amount of damage is done when a cyberattack is discovered.
To contend with these risks, Lutz said the hospital uses a framework.
“Framework — it's a recipe. Start by identifying all hardware and software assets that you have. Where are all your devices? These simple little things open your eyes,” Lutz said. “All these devices and software have to be updated and replaced every five years, or so. Once old programs, or whatever, stop patching things, the vulnerability is exposed in no-longer supported operating systems. A lot of it is extremely high tech. Very advanced firewalls that do deep pack inspections.”
For a hospital, the prospect of getting hijacked poses the added threat that patients would be endangered if medical personnel couldn’t access a patient’s record.
“We sometimes use the analogy, it's maintaining an airplane that never lands,” Lutz said. “An accounting firm can take their systems down at night to patch it, but we have to work with clinical teams to ensure uninterrupted healthcare while we patch our systems.”
He said that security concerns have to be balanced with accessibility.
“Maintaining the highest level of information security as much as possible while keeping that transparent for people who are caring for patients,” Lutz said. “The ability to have instant access to information is really critical to good patient care.”
And like Ziegler, Lutz said that taking their systems offline isn't possible.
“The clinical advantage to having access to a patient’s medical record is essential,” he said. “Going back to the stone ages is not the solution. Do we wish we could go back to the stone age? Some might joke it was better back then, but it wasn't. Having critical information immediately is critical to state of the art care.”
Last year, Butler County Community College closed its main and satellite campuses to deal with the effects of a ransomware attack on its computer systems. And the school canceled remote and online credit classes and noncredit courses in order for the school to restore databases, hard drives, servers and other devices affected by the breach. The shutdown lasted from Nov. 29 to Dec. 5, according to William Foley, Coordinator of News and Media Content for the school.
Foley said that “the college’s information technology division experienced widespread technical difficulties Nov. 24. BC3’s Thanksgiving break was Nov. 24 to Nov. 28. The college’s IT staff discovered that certain devices connected to the college’s network had been encrypted by a ransomware program.”
Once the discovery was made, Foley said the school isolated devices and shut off certain systems to contain the ransomware attack. They also received assistance from a third-party forensic firm that continues to assist the college with its investigation. BC3 also notified the FBI about the incident and is cooperating with its investigation.
Foley said that “The college’s information technology division rebuilt every PC on campus; rebuilt Citrix services that control remote access and student desktops; and restored servers in its data center.
“Because of the ongoing investigations, the college cannot provide further information about the ransomware attack.”
Foley said that the school “continues to utilize and install enhanced security tools on devices across its network.” And as the other experts noted, the best you can do is stay vigilant and hope that hackers don’t develop a new way to get around security measures.