Members of the California Cybersecurity Task Force meeting in San Diego today learned about the growing threat posed by socially engineered attacks targeting sensitive information from individuals, government officials and entities, as well as the private sector via mobile devices, SMS, web sites, video and voice.
Cyber-related attacks are not perpetrated from some dark room in a distant location, Digijaks LLC Chief Executive Officer Alan W. Silberberg told task force members during remarks at the group’s quarterly meeting. He noted that information on how to hack is readily available through search engines and other sources and that hacking has become a service industry, complete with cartels composed of 300-400 people employed to hack companies, utilities and other targets.
During his remarks, Silberberg explained how hackers learn about their targets and the people and organizations with which they are connected before launching their attacks through various vectors, including links included in SMS messages, emails and other communications.
Elements of commonly used applications such as permissions to know the user’s location, to modify or delete SD card contents and to access or modify system tools are other potential vectors, he said.
He stressed the importance of identifying and “closing doors” by closely looking at the permission authorities and other settings on phones and applications, including those obtained from the Apple and Google stores.
“There’s no reason most applications should have access to SMS, banking and other information,” he said.
Silberberg also stressed the importance of regularly checking social media to learn what is being said online as well as who is saying it.
Silberberg told task force members that social graphs could be used to look at social engineered attacks in “real time” as well as to review what occurred. He stressed the importance of using more than one analytics company.
Earlier during the meeting, California Governor’s Office of Emergency Services Director Mark Ghilarducci thanked members of the task force for their work and noted the important role the task force has played and continues to play in helping California get “in front” of the cyber security threat.
“When we established this task force, we knew we were seeing an emerging and evolving threat. We knew the threat would become more complex,” he said.
The Cal OES director noted the importance of getting and remaining ‘in front” of evolving emergencies and that dealing with cyber security is no different … but it has been challenging.
“Once a disaster gets out in front of you, it makes it more complicated to deal with,” Ghilarducci said. “Preparing for and responding to cyber events requires a proactive and offensive posture. A defensive position does not work. Yet, almost every day we are hearing about more and more cases of cyber attack.”
He noted the contributions of the task force in shaping the Executive Order issued by Governor Brown aimed at enhancing California’s ability to prepare for and respond to cyber attacks.
The Executive Order directs Cal OES to establish the California Cybersecurity Integration Center. The center will enhance the state’s cyber security strategy, ensure for a collaborative and proactive response capability and improve inter-agency and cross-sector coordination.
Despite the state’s progress in cyber security, “we still need to do much more, including increasing the public’s understanding of the cyber threat and what steps they can take to deter or minimize that threat,” Ghilarducci said.