ht+a's Podcast
[Audiobook] Workplace Essentials | Cyber Security
Ever wonder why even the smallest of businesses need to prioritize cybersecurity? Discover the essential foundations of cybersecurity as we dissect the motivations of hackers—gray hats, black hats, and white hats—and explain why tailored security measures are critical for every organization. Understand the threats posed by malware like worms, viruses, spyware, and Trojans, and learn about the devastating impacts they can have on your systems. This episode is your guide to fortifying your defenses against these relentless dangers.
Think your passwords are secure? Think again. We dive deep into the importance of creating complex, frequently updated passwords and explore the different types of cyberattacks that can compromise your data. Learn about the advantages of two-step verification, safe email practices, and recognizing spoof websites. We also shed light on the vulnerabilities of mobile devices, stressing the need for comprehensive protection across all your digital platforms. Our discussion includes essential tips for conducting penetration tests to identify and address system weaknesses.
Social media isn't just for sharing; when used unwisely, it can become a hacker's playground. We'll examine the pitfalls of oversharing personal information online and offer practical strategies to mitigate these risks. From manipulating privacy settings to using VPNs and firewalls, this episode provides a thorough roadmap to securing your online presence. Don't miss the invaluable advice from cybersecurity legends like Janet Reno, Kevin Mitnick, and Frank Abagnale, who share their insights on encryption, intrusion detection, and consumer education. Whether you're protecting a small business or a large corporation, these expert tips are crucial for safeguarding your data.
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Ever wonder why even the smallest of businesses need to prioritize cybersecurity? Discover the essential foundations of cybersecurity as we dissect the motivations of hackers—gray hats, black hats, and white hats—and explain why tailored security measures are critical for every organization. Understand the threats posed by malware like worms, viruses, spyware, and Trojans, and learn about the devastating impacts they can have on your systems. This episode is your guide to fortifying your defenses against these relentless dangers.
Think your passwords are secure? Think again. We dive deep into the importance of creating complex, frequently updated passwords and explore the different types of cyberattacks that can compromise your data. Learn about the advantages of two-step verification, safe email practices, and recognizing spoof websites. We also shed light on the vulnerabilities of mobile devices, stressing the need for comprehensive protection across all your digital platforms. Our discussion includes essential tips for conducting penetration tests to identify and address system weaknesses.
Social media isn't just for sharing; when used unwisely, it can become a hacker's playground. We'll examine the pitfalls of oversharing personal information online and offer practical strategies to mitigate these risks. From manipulating privacy settings to using VPNs and firewalls, this episode provides a thorough roadmap to securing your online presence. Don't miss the invaluable advice from cybersecurity legends like Janet Reno, Kevin Mitnick, and Frank Abagnale, who share their insights on encryption, intrusion detection, and consumer education. Whether you're protecting a small business or a large corporation, these expert tips are crucial for safeguarding your data.
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Cyber Security. Module 1. Getting Started. Every organization is responsible for ensuring cyber security. The ability to protect its information systems from impairment or even theft is essential to success. Implementing effective security measures will not only offer liability protection, it will also increase efficiency and productivity. Module 2. Cybersecurity Fundamentals.
Speaker 1:Before developing and implementing security measures to prevent cyberattacks, you must understand basic concepts associated with cybersecurity and what cyberattacks are. The methods of cybersecurity that a company uses should be tailored to fit the needs of the organization. Cyberspace is the environment where computer transactions take place. This specifically refers to computer-to-computer activity. Although there is no physical space that makes up cyberspace, with the stroke of a few keys on a keyboard, one can connect with others around the world. Examples of items included in cyberspace are networks, devices, software processes, information storage applications. As previously mentioned, cybersecurity is the implementation of methods to prevent attacks on a company's information systems. This is done to avoid disruption of the company's productivity. Not only does cybersecurity include controlling physical access to the system's hardware. It protects from danger that may come via network access or the injection of code.
Speaker 1:Cybersecurity is crucial to a business for a myriad of reasons. The two this section will focus on are data security, breaches and sabotage. Each can have dire effects on a company and or its clients. Data security breaches can compromise secure information such as names and social security numbers, credit card and bank details, trade secrets, intellectual property. Computer sabotage serves to disable a company's computers or network to impede the company's ability to conduct business. In simple terms, a hacker is an individual or group of individuals who use their knowledge of technology to break into computer systems and networks, using a variety of tools to gain access to and utilize other people's data for devious reasons. There are three main types of hackers. They are Gray hats these hackers do so for the fun of it. Black hats these hackers have malevolent reasons for doing so, such as stealing and or selling data for monetary gain. White hats these hackers are employed by companies to hack into systems to find where the company is vulnerable, with the intention of ensuring the safety of the data from hackers with ill intentions. Patrick and Willow are in the process of opening a small answering service business. They are discussing the various needs of the company, including the type of security they are going to use for their computer systems. Patrick tells Willow that he doesn't believe it's necessary to implement any type of computer security because their business is small Willow states. Even though their business will start out small, they are still vulnerable and there are many hackers out there that can break into their system and disrupt business.
Speaker 1:Module 3. Types of Malware. Malware is the shortened form for malicious software, which is intrusive software used to perform actions such as interrupting computer operations and obtaining sensitive information. Acquiring access to private computer systems and brandishing unsolicited advertising are also characteristics of malware.
Speaker 1:A computer worm is an independent malware program that reproduces itself to infect other computers. It can spread to other computers without having to attach to an existing program, but still causes some form of damage to the network. Damage done by worms includes bandwidth consumption, stopping active anti-malware service, immobilizing safe mode, hindering Windows auto-update. A computer virus is a program that hides within a harmless program and reproduces itself to perform actions such as destroying data. It can infect files and, when the file is opened, spread the virus throughout your computer. The virus will further spread if the infected file is shared with others. Damage done by viruses includes corrupting files, computer slowdown, taking over basic functions of the operating system.
Speaker 1:The main purpose of spyware is to obtain information about an individual or company without their knowledge or consent. The data gathered from this act of spying is sometimes sent to another entity. It can also be used to gain control over one's computer without the user realizing it. It is commonly used to track the user's movements and bombard the user with pop-up ads. Damage done by spyware includes collecting personal information, installing unsolicited software, redirecting web browsers, changing computer settings, slowing down internet connection.
Speaker 1:Trojans gain access into computers by misleading users as to what it is truly meant to do. They spread in sneaky ways. For example, a user may receive an email attachment that appears to be legitimate, but when they open it, it in fact gives the attacker the opportunity to obtain the user's personal information, such as banking details and passwords. Damage done by Trojans includes crashing the computer, deleting files, corrupting data, logging keystrokes. Many employees at XYZ Company have noticed that their computers are moving slowly. Harry has complained that somehow the settings he previously had on his computer have changed. Also, when he types in a particular URL for a website, his browser takes him somewhere completely different. Tom notices that files that are supposed to be saved to his computer have been deleted. Harry and Tom go to their supervisor, jerry, to inquire about what is going on. Jerry turns on his computer and observes similar issues.
Speaker 1:Module 4. Cybersecurity Breaches. Cybersecurity breaches are the result of secure information being released to a treacherous environment. Whether the data is released intentionally or unintentionally, the consequences can have long-lasting effects, from harassment to identity theft. Unintentionally, the consequences can have long-lasting effects, from harassment to identity theft.
Speaker 1:Cyber criminals who use phishing scams aim to obtain personal information by appearing to be a legitimate source. Many times, they masquerade as a major company, such as a bank, appealing to your desire to keep your information safe. For example, they may send an email that says we suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity. Clicking the link or responding to the email can take you to a website that looks authentic but is, in fact, a spoof site that serves to steal your information and use it for malicious purposes, such as committing crimes using your name or using your bank information for personal gain.
Speaker 1:Identity theft can be considered one of the worst-case scenarios when it comes to cybersecurity breaches. Whether hacking into a company's computer system to assume the identity of the company, or doing so to steal the identities of the company's customers or clients, the end result can be disastrous. Those who seek to steal another's identity, typically do so and move on quickly, making it difficult to track and prosecute the perpetrator. This is why an ounce of prevention is worth a pound of cure. There are many ways to help prevent identity theft. Some examples are Be mindful of phishing websites. Utilize an antivirus and anti-malware program. Don't respond to unsolicited requests for secure information.
Speaker 1:Cyber bullying is not limited to individuals. Cyber bullies can use their vices to ruin the reputation of a company as well. Many companies have social media accounts that allow the general public to post comments, complaints and suggestions. Some use this opportunity to post cruel and negative comments or even threats. What are some ways to handle? Cyberbullies Do not immediately respond. When one feels attacked, the immediate tendency is to respond out of emotion. Doing so could escalate the issue. So take some time to process the information and compose yourself before dealing with the issue. Tell the cyberbully to stop. Granted, this may not always work, but sometimes being told that the behavior is not acceptable is all one needs in order to cease. Get the authorities involved. Contact the police. The police often have the necessary tools to track down the culprit and help put a stop to the behavior.
Speaker 1:Cyberstalking a company can include acts such as false accusations and defamation which can affect the standing of the company in the community. The cyberstalker's intention is typically to intimidate or in some way influence the victim. Cyberstalking is a criminal offense that is punishable under the anti-stalking laws. Being found guilty of cyberstalking could lead to penalties from a restraining order against the assailant to the assailant serving jail time. Anti-stalking tips Be sure you always have physical access control over your computer to prevent the stalker from gaining that control without your knowledge. Always log out of programs before stepping away from your desk. Utilize a screensaver and password. Protect your passwords. Do not share them. Change them often. Keep your security software updated.
Speaker 1:Paula works for and also banks with 123 Bank. She received what appears to be an email from the bank that stated we suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity. As she got ready to click the link, something told her to consult with her co-worker, emily, to confirm. This is something that their bank does. Emily told Paula that their company doesn't send out such emails. In fact, most companies do not.
Speaker 1:Module 5. Types of Cyber Attacks. Cyber attacks are orchestrated by individuals or groups to destroy the information systems, networks, etc. Of others. From installing spyware on a computer to obliterating a company's entire infrastructure, cyber-attacks can have devastating effects on many.
Speaker 1:Passwords are intended to prevent unauthorized access to your accounts, so it's important to use passwords that are strong in order to prevent threats against the privacy and security of the data associated with your company and customers. Why is it important to use a strong password? There is software available to hackers that will allow them to try various passwords in an attempt to crack the code of and infiltrate your system. How to protect your business? Create a password that is easy for you to remember but difficult for someone else to figure out. Include upper and lower case letters, numbers and symbols. Craft a password that is long. Regularly update your password.
Speaker 1:Denial of service attacks are just as its name states. Its goal is to make a network unavailable to its intended users. This type of attack can be used against individuals, where, if they consecutively enter the wrong password enough times, then they are locked out of their account. It can also manifest as a network being so overloaded that no one can get in. Damage caused by denial of service attacks Network performs slowly, a specific website is inaccessible, no websites are accessible, receiving a large amount of spam emails.
Speaker 1:A passive attack is conducted to simply find the vulnerabilities of a system, but not change any data at that time. Think of it in terms of a conversation that two people are having and the passive attacker is eavesdropping in on the conversation. Although it may seem like a harmless act at the time, if the intruder is able to obtain the right information, they can use that in the future to cause irreparable damage. A passive attack is different from an active attack, which aims to change data of the system at the time of the attack. Penetration testing can be a positive tool for an organization. It is done to unearth the vulnerabilities of a computer system, then take advantage of those vulnerabilities to get an idea of the impact an actual attack will have on the system. There are many reasons why a company would utilize penetration testing. Some of these include Establish the likelihood of a specific attack occurring. Detect high-risk vulnerabilities that can result from a grouping of low-risk vulnerabilities that take place in a particular pattern. Determine the bearing an attack will have on a company. Assess the company's network risk management capabilities.
Speaker 1:Kurt and Jeff are new hires with Bob's Electronics. They are at their desks setting up their computer passwords. Kurt tells Jeff he should create a password that is long and includes letters, numbers and symbols, so it will be difficult for others to figure out. Jeff said he doesn't trust his memory to such a password and will probably create one that just has letters. Three months later, jeff notices he has started receiving a lot of spam in his inbox A week after he tries to log in to his system by inputting his password, but it locks him out after several failed attempts and he has to call technical support for assistance.
Speaker 1:Module 6. Prevention Tips. Although it may not be possible to completely avoid falling victim to cybercrime, having a toolkit of prevention methods could help your organization minimize the risk of such crimes damaging the reputation of your company or faith of your clients and customers. One of the easiest steps to keeping your data safe is to craft solid login credentials. If possible, remember the password so that it doesn't have to be written down. If you must have the password written down on hard copy somewhere, be sure to store it in a secure location with few people having access to it.
Speaker 1:What are some tips for creating a strong password? 1. Use a unique password for each of your accounts. Do not use one password for all of them. 2. Ensure your password consists of letters, numbers and symbols. This would make it harder for others to figure out. 3. Avoid using common words or consecutive characters to make up your password. For example, do not use password as your password. Do not use a password such as Office 111.
Speaker 1:Two-step verification is a way of authenticating an individual's identity using two components before they gain access. The idea behind this process is that, although an imposter has one piece of the victim's identifying information, they most likely don't have two Examples of information that may be used for authentication purposes Token, key, password, pin, fingerprint, voice recognition. It's important to always download email attachments with care. Even if the email appears to be from a credible source, although the attachment seems to have a well-known extension, for example PDF, doc, etc. It could in fact be a Trojan. Protect yourself by considering these steps Regularly update software patches, go with your gut. If something doesn't seem right, it probably isn't. Save and scan the true source of the attachment before opening it.
Speaker 1:There are many websites that at first glance look like legitimate sites, but upon further examination you realize it is a spoof. Opening such a site could lead to damage such as slowing down the speed of your computer or, even worse, the loss of files or stolen identity. It is important to take precautionary measures when visiting websites. Even if it is a site you have visited in the past, type the complete URL in the browser when doing a Google or Bing search. Do not open websites with names that just don't look right. Question the intentions of the sender when you receive an unsolicited email to visit a particular website. Make sure your anti-spyware or antivirus program is up to date so it can warn you of a website that looks suspicious. The new employee, trainer and an investment management company is discussing with the trainees tips to keep in mind as they are creating the passwords for the different work systems they will have to log into so that the passwords are strong and not easy to figure out. She also talks about the company's two-step verification process to ensure that only the authorized person can access the account. Lastly, she goes over determining whether or not a website is legitimate before opening it. Carl, one of the trainees, states that he is curious about the company's policy on opening attachments from coworkers and outside sources.
Speaker 1:Module 7. Mobile Protection. It is just as important to protect your smartphone as it is your computer. With phones having many of the same capabilities as computers, they are open to many of the same vulnerabilities that computers face. This module will discuss several small but effective steps to take to ensure mobile protection. Many times it seems convenient to store credit card numbers on your phone so you have them at your fingertips and you don't necessarily have to rely on your memory. But just as it is easy for you to access these numbers, it is easy for someone who means harm to access them. If, for some reason, it is absolutely necessary for you to store this information on your phone, it is important for you to take extreme measures to make sure the data is safeguarded, such as tokenization and or encryption. Enabling a lock on your phone when not in use and a PIN or password to unlock the phone could help prevent unauthorized use of the phone. Just as we talked about in a previous module.
Speaker 1:If you set a password on your phone, it is important to create a strong password. Keep these tips in mind when creating your password. Use a unique password for each of your accounts. Do not use one password for all of them. Ensure your password consists of letters, numbers and symbols. This would make it harder for others to figure out. Avoid using common words or consecutive characters to make up your password. For example, do not use password as your password. Do not use a password such as office 111.
Speaker 1:When it comes to passwords, the ideal situation would be to remember them, so there is no trail of what they are, which could make it easy for an unauthorized user to utilize them. But the fact is, most people have unique passwords for each account they have. Because of this, it may be necessary to use a backup method in case they are forgotten. If this is the case, write them down and securely store them. Do not save them on your phone. Write them down and treat them as. Do not save them on your phone. Write them down and treat them as you would any other important documents, by locking them in a safe or drawer that requires a key. Invest in a password manager service.
Speaker 1:You've created a lock on your phone and regularly lock it when it's not in use. You quickly step away from your desk with your phone on it and forget to lock it. Someone who doesn't have permission to touch your phone decides to go through your contact list. John sees the name Bob Jones, with ABC Company Manager in parentheses. John writes down Bob's name and number and decides to use it to solicit Bob's business. This is one scenario of what can happen when your phone includes a personalized contact list. In this example, the result, while uncomfortable, is not an extreme situation. Just think what could have happened. Dolores and Earl have recently been given cell phones by their company to be able to conduct business while they are away from the office. Their manager encourages them to lock their phones each time they are not in use and make sure they memorize the password to unlock it. Dolores tells Earl that she's happy they have the phones because she can save her customers' credit card information on it, so she doesn't always have to refer to her paper file when she needs to conduct a transaction for them. Earl states that it is best not to do that because if her phone gets hacked, the customers' financial data may be compromised.
Speaker 1:Module 8. Social Network Security. Many people forget that with social networking, although they are not meeting with people face to face, revealing too much information about oneself could still lead to dangerous situations, such as social engineering attacks. This module will discuss some of the ways to protect yourself from being lulled into a false sense of security. This seems like an issue of common sense, but many need to be reminded that revealing your location to strangers is never a good idea. Some social media sites require that you input your location and, if that's the case, you can use your creativity to make a fake location or input one a city or state different from where you are actually located. In some instances, the website will allow you to continue different from where you are actually located. In some instances, the website will allow you to continue without entering anything in the location field.
Speaker 1:The internet is a public source and with disclosing your actual location to strangers, you could open yourself to crimes such as burglary, harassment or stalking. Giving away your birthdate seems like a harmless act, but when a criminal has your birthday, they have one of the several pieces of information needed to steal your identity. If you absolutely must list your birthdate, do not include the year. Just because you post something doesn't mean it's for everybody to see. Although social media is a useful way of networking professionally and promoting your business, failing to properly manage your profile and privacy settings could have consequences that you cannot undo. Each social media platform has its own instructions for updating the settings of your profile so that information is distributed according to your wishes. Be sure to thoroughly read through these guidelines Some of the most common social media websites Facebook, instagram, twitter, google Plus, linkedin, pinterest.
Speaker 1:Although linking social media accounts may be a convenience to you, it is making it easier for thieves to find you. It is especially important that you don't link your personal accounts with your business accounts. Some content on one of your social media sites may not be appropriate for content on another site. For example, content you post on Facebook, which is a relatively informal site, may not be appropriate for your LinkedIn account, which is a more formal setting. What are some other reasons why you shouldn't link your social media accounts? Automated posting Same messages across different platforms? No-transcript.
Speaker 1:Reagan and Isabel have opened a candy shop. Reagan has been charged with setting up and managing the company's social media account. She enjoys using her personal social media in her spare time and believes this is the perfect opportunity to sharpen her skills. Since she already has a lot of followers on her own social media accounts, she feels it makes sense to just link the business account to hers. This way, she doesn't have to work quite as hard to drive traffic to the business. She discusses her plan with Isabel. Isabel questions the idea because Reagan's accounts have a lot of visible personal information that she doesn't think their customers need to know.
Speaker 1:Module 9. Prevention Software. Now we've gotten to the good stuff. We've thoroughly covered the many dangers lurking attempting to take over your computer systems or even steal your identity. It's now time to talk about the proactive steps you can take to protect yourself and your business. While you may not be able to completely avoid these risks, there are many ways to lessen your exposure to threats, vulnerabilities and attacks. Firewalls use preset security rules to keep track of and regulate the incoming and outgoing traffic of your network system. Think of a firewall as a blockade between the internal network, which is a trusted source, and external networks, which are presumed not to be safe. The two types of firewalls are network firewalls and host-based firewalls. Network firewalls specifically filter the flow of traffic concerning at least two networks, while host-based firewalls deal with one host that manages the traffic in and out of that particular machine.
Speaker 1:Virtual private networks VPNs are private networks that spread across a public network, the internet. Vpns enable users to send and receive information across the public network as if they are connected to the private networks. An example of this would be a company that gives its employees access to its intranet while not inside of the office. This would be called remote access VPN. Another type of VPN is site-to-site VPN. This is where one company has offices in different geographical locations. Users are able to connect the network of one office site to the network of another office site. The above VPN types are based on a variety of VPN security protocols, which come with different qualities and degrees of security Protocols Internet protocol security, layer 2 tunneling Protocol, point-to-point Tunneling Protocol, secure Sockets, layer and Transport Layer Security, openvpn, secure Shell.
Speaker 1:Antivirus Software. Antivirus software protects users from many different threats. Some of these include viruses, browser hijackers, rootkits, trojans, worms and ransomware. Anti-spyware software. Anti-spyware software aims to detect and dispose of spyware programs that the user doesn't intend to have on their system. These spyware programs are installed on the computer without the user's knowledge or consent and collect information about them. Spyware can cause damage, such as posing a security risk and reducing system performance. Examples of companies that offer antivirus or anti-spyware programs McAfee, kaspersky, bitdefender, norton. To ensure your antivirus and anti-spyware programs are working properly, it is crucial that you regularly update your settings and run scheduled scans to check for anything suspicious.
Speaker 1:Operating systems regularly release updates to address security issues and improve computer performance. The three categories that these fall into are high priority suggested and drivers. High priority updates are just as their name states they are very important and should be non-negotiable. Examples of such updates include security patches and bug fixes. Suggested updates can help improve the performance of your computer, but typically do not allow for major problems if not installed. Drivers can be a bit more complicated if you're not versed in what they are and how to install them. If you are positive that you need the update for that driver, install it. Otherwise it could be more of a headache than it is worth.
Speaker 1:Greg and Richard are in a meeting discussing the recent cyberattack their company underwent. They are bouncing ideas off of each other regarding what methods they want to implement to prevent this from happening again. Greg says, at a minimum, they should invest in antivirus anti-spyware software. Richard agrees and says they should invest in antivirus anti-spyware software. Richard agrees and says they should also look into firewalls and making sure their operating system is conducting routine updates as it should. Greg questions what security measure they should have in place for when they are working on their business computers away from the office, module 10.
Speaker 1:Critical Cyber Threats. Critical cyber threats are those that, if carried out, could have a debilitating effect on an organization or even a country. In the case of a country, it could negatively impact aspects such as security, national economic security and national public health. As mentioned, critical cyber threats are not designed to temporarily disable an organization, but completely destroy it. To give you an idea of the magnitude of such an attack, again using a country as an example, according to the Department of Homeland Security, some of the critical infrastructures of a country that can be demolished as a result include energy defense, transportation, food and agriculture, emergency services, communications, water and wastewater Manufacturing, chemical Commercial facilities, dams, finance, healthcare, government facilities, nuclear facilities.
Speaker 1:Cyberterrorism is cyber threats or attacks on a large scale. These acts are designed to terrorize the internet as a whole or entire computer networks. This is done by spreading viruses to computers. Examples of cyberterrorism include A computer hacker, allegedly associated with the white supremacist movement, temporarily disabled a Massachusetts ISP and damaged part of the ISP's record-keeping system. The ISP had attempted to stop the hacker from sending out worldwide racist messages under the ISP's name. The hacker signed off with the threat. You have yet to see true electronic terrorism. This is a promise.
Speaker 1:Spanish protesters bombarded the Institute for Global Communications, igc, with thousands of bogus email messages. Email was tied up and undeliverable to the ISP's users, and support lines were tied up with people who couldn't get their mail. The protesters also spammed IGC staff and member accounts, clogged their webpage with bogus credit card orders and threatened to employ the same tactics against organizations using IGC services. They demanded that IGC stop hosting the website for the Escal Heria Journal, a New York-based publication supporting Basque independence. Protesters said IGC supported terrorism because a section on the webpages contained materials on the terrorist group ETA, which claimed responsibility for assassinations of Spanish political and security officials and attacks on military installations. Igc finally relented and pulled the site because of the mail bombings.
Speaker 1:Cyber warfare is a means of war against another state or country to damage that other state or country's information networks. Many times this is carried out via computer viruses or denial-of-service attacks. Examples of cyber warfare include the United States hacked into Serbia's air defense system to compromise air traffic control and facilitate the bombing of Serbian targets. In Estonia, a botnet of over a million computers brought down government, business and media websites across the country. The attack was suspected to have originated in Russia, motivated by political tension between the two countries. A cyber spy network called GhostNet accessed confidential information belonging to both governmental and private organizations in over 100 countries around the world. Ghostnet was reported to originate in China, although that country denied responsibility.
Speaker 1:The purpose of cyber espionage is to obtain the secrets of another without their permission. The perpetrator of the espionage is typically trying to acquire sensitive, proprietary or classified information. This can be committed against anyone, from an individual to a company to a country. The information will be used as an advantage against the one from whom the information was stolen. It can be accomplished through means such as cracking, trojans and the installation of spyware. Examples of cyber espionage include the Wall Street Journal reported that unnamed government officials told the Wall Street Journal that cyber spies from China and Russia had broken into computer systems used by companies maintaining the three North American electrical grids. Canadian researchers revealed that a cyber-spy network based in China had broken into diplomatic computer systems involving 103 different countries. Beijing denied any official involvement, but the investigation had begun when the Dalai Lama, tibet's leader-in-exile, noticed that sensitive documents from his own PCs had turned up in Chinese hands. Just after Barack Obama's election victory, newsweek revealed that both the Illinois senator's campaign and that of his rival at the time, senator John McCain, had been spied upon by a foreign power that had placed spyware on staffers' computers.
Speaker 1:In the past few weeks Lucky's Cleaners has been receiving harassing emails from a local competitor that says they are going to ruin Lucky's reputation and run them out of business. Martha, the owner, is concerned that they may bad mouth them to prospective clients and may even do something to their computer system that will negatively impact business without them knowing it. Martha sits down with Robert, the cleaner's manager, to discuss what is going on and what they can do to fix the problem Module 11. Defense Against Hackers. Going on and what they can do to fix the problem Module 11. Defense Against Hackers. The best defense is a good offense. Rather than reacting to attacks once they've occurred, a wise strategy is to prepare proactive measures so that, if the time comes, you can completely bypass the attack or lessen the blow of it.
Speaker 1:Cryptography is basically defined as a secret method of writing. This is done so that only authorized parties are able to interpret the message. It is used in various industries, such as banking and health, to protect the privacy and security of companies and customers or patients' information. Examples of encryption methods include International Data Encryption Method, idea, advanced Encryption Standard, aes. Data Encryption Standard DES by many computer systems have become a tool for committing various crimes. Because of this, law enforcement officials have decided to use this very tool to counteract the criminals' use of computers to commit online and offline crimes. In essence, they have decided to fight fire with fire.
Speaker 1:In digital forensics, law enforcement collects and analyzes the data in such a way that it can be used in court against the perpetrator. Examples of cases where digital forensics was used BTK Killer Dennis Rader was convicted of a string of serial killings that occurred over a period of 16 years. Towards the end of this period, rader sent letters to the police on a floppy disk. Metadata within the documents implicated an author named Dennis at Christ Lutheran Church. This evidence helped lead to Rader's arrest, joseph E Duncan III. A spreadsheet recovered from Duncan's computer contained evidence that showed him planning his crimes. Prosecutors used this to show premeditation and secure the death penalty. Sharon Lepatka Hundreds of emails on Lepatka's computer led investigators to her killer, robert Glass.
Speaker 1:Intrusion detection is a vital asset to a computer system. Intrusion detection systems IDSs inform the administrator or a security information, an event management system of unauthorized programs or people on the network. There are a variety of IDSs to choose from. When looking to invest in an IDS, there are several questions to ask yourself what does our business need in an IDS? Will our network support the IDS system? Can we afford an IDS? What do we do if something goes wrong with the IDS? Will our network support the IDS system? Can we afford an IDS? What do we do if something goes wrong with the IDS? As our business grows, we can still use this IDS. Some manufacturers of IDSs include Dakota Alert Inc. Juniper Networks, linear LLC, puretech Systems Inc. Telguard LLC, pure Tech Systems Inc. Telgard.
Speaker 1:The majority of computer hacking crimes are punishable under the Computer Fraud and Abuse Act, 18 USC § 1030. There may be additional penalties under state law. Under this act, there are penalties for committing the following offenses involving computer Obtaining national security information. Accessing a computer and obtaining information. Trespassing in a government computer. Accessing a computer to defraud and obtain value. Intentionally damaging by knowing transmission. Recklessly damaging by intentional access. Negligently causing damage and loss by intentional access. Trafficking in passwords. Extortion involving computers. Penalties may include monetary and or prison sentences. For example, an individual who is found guilty of a first offense of illegally obtaining national security information can serve up to 10 years in prison.
Speaker 1:Frank and Joel are talking about the importance of doing their best to prevent hackers from getting to their system and if, by chance, they are able to break in, what can be done to bring them to justice? Frank says, since their bank holds a lot of private information of their customers, they need to consider some type of encryption method so only their employees can interpret data. Joel says an intrusion detection system would also be a good idea so they can be notified of suspicious activity before it causes too much damage. They both agree researching how digital forensics works and legal recourse that can be taken against cybercriminals will be worth their while. Module 12. Wrapping Up. Although this workshop is coming to a close, we hope that your journey to cyber security is just beginning. We wish you the best of luck on the rest of your travels.
Speaker 1:Words from the wise Janet Reno Everybody should want to make sure that we have the cyber tools necessary to investigate cyber crimes and to be prepared to defend against them and to bring people to justice who commit it. Kevin Mitnick, somebody could send you an office document or a PDF file and as soon as you open it, it's a booby trap and the hacker has complete control of your computer. Another major problem is password management. People use the same password on multiple sites, so when the hacker compromises one site, they have your password for everywhere else. Frank Abagnale, the police can't protect consumers. People need to be more aware and educated about identity theft. You need to be a little bit wiser, a little bit smarter, and there's nothing wrong with being skeptical. We live in a time when, if you make it easy for someone to steal from you, someone will.