From Left to Right in Photo:
ELI OWEN, Deputy Commander, California State Threat Assessment Center
THOR EDENS, California Cyber Security Integration Center
MICHAEL CREWS, Cal OES Information Security Officer
For this episode we brought three of California’s cyber security gurus who talk about some things you and your agency/company can and should be doing to protect yourself from cyber crime. October is National Cyber Security Awareness Month which is an annual campaign to raise awareness about cyber security, but any month, any day is a good day to beef up your own personal protection. We live in a world that is more connected than ever before. The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. National Cyber Security Awareness Month (NCSAM) is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about cyber security, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident. (Source: Dept. of Homeland Security)
California Cybersecurity Integration Center’s (CalCSIC) mission is to reduce the likelihood and severity of cyber incidents that may significantly compromise the security and resilience of California’s economy, its critical infrastructure, and information resources. Cal OES executes this mission together with CDT, CHP and CMD. Cal-CSIC is comprised of two key functional components: (1) cyber threat analysis; and, (2) dissemination and coordination of incident response and recovery operations (hereinafter “recovery”). Specifically, Cal-CSIC coordinates the identification, prevention or mitigation of cyber threats, as well as coordinates the response to, and recovery from significant cyber incidents. Cal-CSIC coordinates the production of threat assessments for the State, and facilitates analysis and exchange of cyber threat information with all affected organizations.
Cyber Crime – Crime conducted via the Internet or some other computer network
APT – Advanced Persistent Threat
Social Engineering – a line of attack that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. (Source: TechTarget)
Spycraft – (aka Tradecraft) Within the intelligence community, this refers to the techniques, methods and technologies used in modern espionage (spying) and generally, as part of the activity of intelligence.
Polymorphic – Polymorphic malware is harmful, destructive or intrusive computer software such as a virus, worm, Trojan or spyware that constantly changes (“morphs”), making it difficult to detect with anti-malware programs. Evolution of the malicious code can occur in a variety of ways such as filename changes, compression and encryption with variable keys. (Source: TechTarget)
Spear phishing – An email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.
Ransomware – There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC. They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
- Prevent you from accessing your computer.
- Encrypt files so you can’t use them.
- Stop certain apps from running (like your web browser).
- Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.
- There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again. (Source: Microsoft)
Stop Think Connect
California Cyber Security