Last September, hackers stole account data from more than 500 million Yahoo! users, in what was then the largest data breach in U.S. history. The company is now embroiled in legal battles with customers and is being investigated by Congress for lax cybersecurity measures.

While few are as far-reaching as the Yahoo! breach, cyber attacks are growing in frequency and scope. To help prepare students for careers in the booming cybersecurity field, a new undergraduate club is forming at the Harvard John A. Paulson School of Engineering and Applied Sciences (SEAS).

The Harvard College Cyber Defense Club, which began meeting in October, recently competed in the New England regional finals of the National Collegiate Cyber Defense Competition. Club president Suriya Kandaswamy, A.B. ’20, who intends to concentrate in computer science, was impressed by the performance of the first-year team, which finished in the middle of the 10-team pack.

Boston has emerged as one of the global hubs for cybersecurity businesses and innovation.

“While so much of cyber defense involves knowing what to monitor, having a good team dynamic can’t be overlooked. A lot of times, the technical aspects just fall into place when you have an organized team,” Kandaswamy said.

During the competition, each team was charged with defending a company’s network and computers against a confederation of 10 professional hackers, while also completing a series of requests from their client firm and enabling the continuation of normal business operations.

“In some sense, it is a simulation of what it’s like to defend and maintain a network in the real world,” said Christian Hamer, Chief Information Security Officer for Harvard University Information Technology (HUIT), and the club advisor. “Even though our team finished in the middle of the pack, this is an impressive achievement, as they were one of only two new teams who qualified for the competition this year. Holding their own against teams that were significantly more experienced is really fantastic.”

To prepare for the competition, club members began meeting twice a week in the fall, working to protect simulated HUIT computer networks from clever hackers. Members of the HUIT team devised different cyber-threat challenges that students tackled as a group, such as SQL injections, common code injection techniques used to dump database contents to a hacker.

Defending a system from a cyber attack often involves keeping hackers out to begin with by changing passwords and double-checking systems to ensure they are secure. Constant and careful monitoring is essential to catch logins from suspicious locations, so that cyber defenders can “kick out” hackers by running patches on systems, Kandaswamy explained.

For Nick Wong, A.B. ’20, one of the founding members of the club, learning about cybersecurity has highlighted how a lack of security can negatively impact many aspects of a person’s everyday life.

“We’re a lot less secure online than we think, and while this may have been an avoidable hazard years ago, when no one was using computers, in the age of handheld devices and the Internet of Things, Internet security is something on the level of personal safety,” he said. “We keep our identities online, and we trust websites, our phones, and our computers with enough information that someone could steal our entire life from the other side of the globe.”

The intensifying nature of global cybersecurity threats underscores the importance of the club, which Kandaswamy hopes to continue expanding. In addition to training for more collegiate cyber defense competitions, the club will host guest lectures and workshops to shed light on the importance of cybersecurity for students of all concentrations.

“There are people out there who want to wreak havoc and get a person’s data for their own gains. It is important to understand how they do that, because it is a good step towards prevention,” she said. “This is more than just learning about hacking and defending—this club gives students a more holistic view of how networks and applications are vulnerable to the outside world.”