Director of Communication & Engagement
Carlsbad Chamber of Commerce
In the past 18 months, while frontline healthcare workers were fighting a global virus, another set of workers were battling a different global viral threat: cyberattacks. Rick Cassoni is the Department Chair for Computer Studies at Mira Costa College, and as someone in charge of training the future cybersecurity specialists, he knows first-hand demand for these experts has risen considerably. “Cybersecurity became especially important not only in education environments but throughout the worldwide workforce,” says Cassoni. “Having persons work from home (WFH) to contain the spread of COVID put extra pressures on cybersecurity teams for private and public companies, government, and educational entities, as persons had to log in to access systems over the internet from home, providing vectors for cyber criminals to deploy attacks versus from the safety of a physical company behind firewalls.”
Assistant Special Agent in Charge at the San Diego FBI Cyber Program, Houtan Moshrefi, says that in the current environment “the most prevalent cybersecurity threats facing all companies today are Business Email Compromise (BEC) attacks, phishing, ransomware, hacking, and insider threats.” However, there is one particular risk that has stood out: ransomware. “A traditional ransomware attack will encrypt (make inaccessible) all files on a computer or server, affecting a company’s ability to operate,” says Moshrefi. “Modern ransomware goes a step further; malicious actors steal sensitive data and extort companies who do not pay the ransom by threatening to publish company records and data to the internet.”
Unfortunately, according to Moshrefi, ransomware has driven cyber criminals to organize in a way that makes it more prolific, which he refers to as “the emergence of ‘ransomware as a service’.” “The most sophisticated ransomware groups are increasingly offering to sell their cyber tools to less sophisticated cyber criminals as a bundle, providing both the malware and the phishing operation, payment platform, and premade data leak site. The impact of ransomware as a service is that it lowers the barrier of entry into the cyber-crime business.”
With this in mind, and just like in the past 18 years, the Cybersecurity and Infrastructure Security Agency (CISA) recognizes October as Cybersecurity Awareness Month in an effort to educate organizations and individuals on how to have a safe and secure online experience. Under the theme “Do Your Part. #BeCyberSmart.” CISA is focusing on topics from phishing to careers in cybersecurity.
Locally, Au Technology Solutions CEO and Owner, Kevin Clemons, has seen his fair share of cyber attacks. But the most common cybersecurity issue he has been deployed to address is “securing safe email services.” He adds that there are three ‘must haves’ particularly for small businesses to protect themselves from attacks: “multifactor authentication, secure email and secure file sharing.”
Moshrefi suggests that cybersecurity in an organization should start with self-examination. “Assess your current cybersecurity posture. Every organization should ask themselves: what are our present cyber risks and the potential business impact of each risk; how is executive management informed of these cyber risks and the potential business impact on the company; how are our organizations applying industry standards and best practices; and how comprehensive is our incident response plan and how often is it tested.”
Luckily, organizations can trust that when cybersecurity issues arise, there will be someone that can help. A perfect example, is the MiraCosta College Cybersecurity program. “Our goal is to provide students with in-depth knowledge reinforced with hands on labs using the same tools as cybersecurity professionals, courses that help prepare students for industry certifications and both informal and formal work-based learning experiences that include classroom labs, internships, and Club IT, CSIT Department’s Student Club.”
As someone who has spent many years in the field, Clemons believes that these three skills are also very important as the cybersecurity professionals of the future are trained: “problem solving, excellent communication and proactive attitude.”
For those who would like to take their career to a federal agency, Moshreti says that “the FBI is always interested in applicants with a strong computer science or cyber background.” In fact, there are opportunities for both students through “student programs to include our Honors Internship and College Hiring Initiative” and for working professionals. “Applicants with a background in cybersecurity or computer science can bring those abilities to the FBI working as computer scientists, or utilize their analytical skills and cyber knowledge in positions such as Special Agent or Intelligence Analyst.”
Visit www.cisa.gov/cybersecurity-awareness-month to learn more about Cybersecurity Awareness Month and access cybersecurity resources.
HOW TO REPORT A CYBERSECURITY INCIDENT.
An incident may be reported at any stage to the FBI, even when complete information may not be available. Companies can report to a local FBI field office, the Internet Crime Complaint Center at www.ic3.gov or through CyWatch, the FBI’s 24/7 Operations Center (855) 292-3937, [email protected]
INTERESTED IN A CYBERSECURITY CAREER WITH THE FBI?
More information on available student programs can be found at: https://fbijobs.gov/students
For more information on STEM (Science, Technology, Engineering, and Mathmatics) careers at the FBI – visit: https://fbijobs.gov/career-paths/stem