Cyber Awareness Program at Middlesex County Academy for STEM
ISACA New Jersey Chapter continues to implement their newly formed initiative of bringing cybersecurity awareness to high-school students. The program's overall goal is to promote cyber-awareness to ensure cyber-safety and open up the generation of tomorrow to consider vast opportunities in the field. There is an expanding skills gap that needs to be filled by both men and women alike. The SheLeadsTechTM program has been designed to provide inclusive opportunities to both genders, as well as encourage and promote women in the field.
On January 3rd, 2020, NJ ISACA's SheLeadsTech Committee invited the (ISC2) New Jersey Chapter to speak about cybersecurity dangers and career opportunities at the Middlesex County Academy for STEM. Presenters were Niloufer Tamboly, (ISC2) NJ Chapter President, and Sanjeev Dayal, (ISC2) NJ Chapter Board Director.
Students were exposed to the NIST Cybersecurity Framework, the core methodology most cyber professionals use. As Mrs. Tamboly explained, the Framework provides a common language and systematic method for managing cybersecurity risk. It has been designed to integrate industry standards and best practices to help organizations manage their cybersecurity risks through the 5 key elements of Identify, Protect, Detect, Respond, and Recover. With the Framework's implementation, organizations are able to understand their cybersecurity risks and overall posture to help them create customized measures to reduce these risks. There are tremendous career opportunities for cyber analysts around these 5 key elements.
Mrs. Tamboly further emphasized how rapidly the field is expanding and the growing skills gap with it. The need for experts will continue to increase as new technologies develop, such as the ever-growing industry of online gaming. With this transition, she brought insight of the tactics utilized in the breach of the popular online game, Fortnite, a game students were able to resonate with. Students were able to take away these simple elements of the breach:
- HOW – EPIC Games left an old, unsecured page accessible to hackers whom were able to log onto players' accounts without a password.
- WHAT – Hackers accessed the accounts of users to purchase in-game items with victims' payment information. Bad actors could also listen in on in-game conversations undetected
- THE RISK – Unfiltered access to players' account information, including credit cards and payment information. Further, dangerous implications of eavesdropping on conversations undetected, especially concerning children.
It is important to stay cyber-safe. With the right protective measures, individuals can secure themselves and their information from possible breaches. As a transition into the next presentation, some tips were shared corresponding to the conversation surrounding Fortnite's breach:
MITIGATION EFFORTS – Players who choose to utilize in-game communication should only engage in game relevant
conversation. Private chats should be set-up, when able, with only known friends.
Continuing the conversation, Sanjeev Dayal emphasized simple, yet effective recommendations for students to remain cyber-safe. Some key recommendations included:
- Have strong passwords.
- Do not use the same password across multiple platforms.
- Utilize Multi-Factor Authentication where available
- Don't utilize public Wi-Fi services. Instead, rely on VPNs or personal mobile hot-spots.
- Set social media profiles to private. This can help reduce tactics for phishers.
- Avoid posting or sharing personal information online.
- Never open attachments from unknown entities.
He urged everyone to stay vigilant online for attempts of social engineering, phishing, scams, and fraud. Students were also reminded that everything posted online stays forever. It was further advised to always think before posting or sharing anything online.
Aside from these risks, Mr. Dayal cautioned on cyber-bullying. Cyberbullying is a growing problem and has become an issue because the Internet is fairly anonymous. Hackers can very well be cyberbullies if they act with the intent of damaging the victim's reputation. They may even demand payment in return for not publicly sharing sensitive data.
Cybersecurity and cyberbullying can be related in the form of cybercrime. Implementing the recommendations noted before can minimize the chances of becoming a victim. Any instances of cyberbullying should be documented and reported to the appropriate authorities.
Although 100% security cannot exist, steps can be taken to protect your online identity to reduce the likelihood of these unfortunate occurrences. The cyber realm can invite unwarranted dangers, however it is up to individuals and organizations alike to be cyber resilient.