IT/CYSE 200T

Cybersecurity, Technology, and Society

F1:

Hi, my name is Garrett and I am from Chesapeake, VA. I’m a freshman majoring in Cybersecurity. My goal is to work for the government when I graduate. I play video games and I love shows and movies.

F2:

The three jobs I am interested in working in is the Cyber Security Specialist position at LinTech Global, the IT Cyber Security Analyst at Leidos, and the Cyber Security Analyst position at GoHPT. For the job at LinTech, I will need five years of experience with a DoD certification and accreditation program. At Leidos, they require a B.S. in Cyber Security and 2-4 years of prior experience. Finally, for the position at GoHPT, I must have security+ certification, along with a CAP, CISSP, GSLC, CISM, or CASP certification.

To attain these certifications and requirements, I will need to thoroughly plan out my schedule accordingly for the next years. I intend on graduating with a B.S. in Cyber Security, so that one is a long way away, but as I go, I will attempt to get certified in different programs.

F3:

If I was a policymaker, companies with more than 20 employees would be obligated to implement cybersecurity requirements in awareness, training, education, and technology.

To begin with, I would make sure that awareness in the workplace is a top priority. A majority of employees in a workplace are unaware of the dangers of links and scams sent through emails and found on websites. I would make sure that everyone working in these companies are aware of the hazards by fulfilling the correct training. A training program would need to be implemented that teaches employees the basics of avoiding faulty links and pop-ups. This should be a requirement for all employees to complete before they may begin working at any company. Also, if any employees are not qualified to use a computer efficiently, they should go through training. This requirement would allow for efficient speed and efficiency in the workplace.

Technology is a significant factor in all of what we do. Information is stored on it, work is done on it, and most importantly, it opens a whole new way of theft. To avoid losing any information, whether it is personal or work-related, it needs to be secure. The president of the company must make sure everyone has the necessary knowledge to protect their information.

However, even that is not enough. Every company that stores their information online needs to hire a cybersecurity professional to maximize their defense. Any companies that are not compliant with the policies must be fined because this issue is vast and many companies have been exposed by significant hacks, losing millions due to privacy breaches.

F4:

Simple errors can lead to extremely disastrous cyber-attacks. Let us imagine that employees at a hospital received an email from a random source, claiming that they have won a $100 gift card. Most, if not everyone, trusts the email and clicks on the link that was included in it and completed what is needed to win it. It turns out that there was a bug within the link that then entered the hospital’s network, exposing the company to the source that sent the emails.

Later the next day, client information in the thousands is released online for everyone to see. The hospital takes a big hit for that, losing many clients and gaining many lawsuits for allowing the exposure of their client’s personal information. This attack affects the hospital’s clients, exposing their personal information for anyone to see, and the hospital, losing vast amounts of money and credibility.

It would take a long time for the hospital to come back from an attack that could have easily been prevented. If the employees within the company were trained to spot fake emails like this, then it would never have happened. Many hacker groups use emails similar to reputable companies in order to trick their targets. After this attack, the hospital would be smart to initiate a training program that teaches their employees how to prevent cyber-attacks. The training program will need to teach the employees how to spot fake emails and not fall for gimmicks like the one mentioned at the beginning.

F5:

When interviewing people for an information security officer position, I would need to make sure that I ask questions that genuinely measure their skill and experience.

The first question that I would ask is, “What methods do you use to detect possible vulnerabilities?” This question could help me figure out the candidate’s analytical ability and method. I would hope to get a quick and detailed response to know that our company’s information will be in good hands. The next question I would ask is, “Have you ever experienced a security breach at a past company you worked for, and how did you handle it?” With this question, I can learn more about the experience they have and how they would secure our company’s assets if it were compromised. A yes or no would be a valid response for this as long as they know how to handle one if it were to occur.

Additionally, I would ask them, “In what ways might employees unintentionally increase the risk of a breach?” Asking this will reassure me that they understand the risks that their co-workers represent when uneducated on today’s technology. I would expect them to teach them about the matters they need to avoid online. Another question from me would be, “What are the largest threats to information security?” I would then expect that they could name a few and describe them to me. Finally, I would question them about the current development in their field, expecting them to be up to date with the newest security advancements.

F6:

Create cyber safety tutorials

Yardwork Networking App

Bug Bounties

Electronic Banking Security

Retail data security

Security Services

Educate individuals about cybersecurity through short videos with ads

Create my own VPN software to sell

Unite cyber experts together through an app I make

Real Estate

Independent consulting work

Teach Cybersecurity at a university

Your own code sharing

 If I were to choose one of these ideas to turn into an actual business, I would choose to develop an app that educates individuals about cybersecurity through short videos. This idea would involve me programming an app that allows people to learn more about cybersecurity or entry-level skills and programming to get them on track to studying it themselves. I would also need to create videos, possibly with the help of other professionals, to teach the basic concepts. I have seen other uses of this idea through sites like skillshare; however, the app will solely focus on cybersecurity education with additional help from other experts in the field.

My goal with this app would be to teach others about cybersecurity, without overwhelming them, before they choose to major in the field. It may prevent them from getting engulfed with new terms and knowledge when they start classes. Anyone could use the app, but it is mostly directed toward high school students that are interested in cybersecurity.

To profit off my app, I will use advertisements. Many free apps make money by using ads either regularly dispersed throughout or as an option to get specific items. I would set them to appear periodically, so none of my customers are annoyed by it, but the more people using it, the more I will get from it. Luckily, by myself, it should not be too costly to develop the app. I would just need to devote some time, and later on, if successful, I can pay some other experts to spread their knowledge and send in videos to use.

Finally, to sustain the app, I wouldn’t have to devote too much money towards it. After some time, there will be enough knowledge on it, and as long as people are using it, the app will sustain itself. The videos will always be accessible to anyone, and I can rest at night, knowing that my work is not going to waste.

F7:

If I were the CEO of a company, I would be sure to reward those who follow policies, while those who do not will face the consequences. I would make sure that cybersecurity is one of our top priorities, and those that follow the strict rules within it will not regret it.

First of all, I would prioritize that everyone’s accounts are extra secured. To be sure of this, I would recommend the use of DUO Authentication. I know to a lot of people this policy could be annoying; however, having that extra step to stay secure is worth it in the long run. To incentivize this, I would hold a monthly raffle that enters all the names of the employees that continually use it to win a gift card. Also, I would make sure that those who consistently keep their information secure are recognized by myself in person. A lot of people need recognition to feel good and enjoy their work, so I believe it would be sufficient. Another reward would be promotions to the cybersecurity staff for keeping the company’s information secured over long lengths of time, increasing their productivity and interest in the workplace.

Finally, I would set forth sanctions so that employees will avoid ignoring company policy. Strong passwords must be required to have strong security. Employees would be required to make a password that must include a symbol, capital letter, numbers, and cannot include any real words. Furthermore, those who do not follow policies will be written up, in hopes to encourage employees to improve their ways because a write-up does not look good on one’s self. Finally, with how critical cybersecurity is, those who continue to ignore cyber policies will be discharged because the company’s security is one of, if not the top priority of a company that deals with clients and keeps their information stored within the company’s computers.

F8:

Currently, many people are still adjusting to the evolution of technology. In this case, physical properties are viewed as more valuable in most people’s eyes. They can touch it and know it is physically there, unlike digital items. Several individuals are unaware of the change in technology and ignore the fact that their most valuable items are stored online and at significant risk, failing to realize how they can keep it from falling into the wrong hands. The easiest targets are those of older age who lack the computer skills and knowledge to avoid scams and acquire the proper software to keep their data safe. The failure to understand that their entire life is stored online, such as their finances and personal information, puts them at risk.

There are many strategies that those who lack the appropriate knowledge of risks online could use to keep their personal information safe. A site could be made featuring tutorials that teach those individuals on how to keep their data safe online. One of the tutorials would promote the importance of passwords, displaying the significance of complicated passwords and the physical storage of passwords instead of storing them digitally. Another would focus on what to avoid online, such as pop-up ads, faulty links, and emails, and pages opening up, claiming that the user has a virus or needs to update the software on their computer. Many pop-up ads are scams or may contain viruses, while faulty links and emails can be used to gain access to one’s computer. No one would be forced to watch the tutorials, but those who are not familiar with today’s technology, but it would be suggested to those who want to keep their personal information out of the wrong hands.

Those strategies are just a few examples out of many ways that individuals who are not adept with technology can keep their personal information secure online. Many issues are plaguing the cyberspace that cannot easily be blocked out; however, making sure people are aware of these problems can help them try their best to avoid them.

F9:

While VPNs, Virtual Private Networks, are widely talked about as the perfect application to protect networks, everything that has advantages, has disadvantages. Firstly, VPNs can access blocked content from anywhere, allowing individuals to access content that their current country or workplace does not allow. Furthermore, VPNs enable one to change their IP address to appear in a different country as an alternative. Additionally, VPNs encrypt the data on computers, keeping them safe from others when using public Wi-Fi. Always remaining anonymous, no one can see what you are doing. While being easily affordable, VPNs can also save you money on e-commerce websites when you change your location to appear elsewhere. Finally, compared to the price of security plans, VPNs are significantly cheaper.

Although VPNs have plenty of benefits, the disadvantages are just as weighing. To begin with, VPNs can slow down someone’s connection speed. Encrypting all of their online activity weighs on the network. Also, many VPNs are no longer reliable, as Anti-VPN software grows stronger. One must be careful when choosing which VPN to buy, making sure to do plenty of research. From time to time, VPN connections can suddenly drop, exposing your real IP address. To help combat this, some VPNs have a built-in kill switch to disconnect from the internet in case of a drop instantly. Sadly, VPNs are not too user friendly, containing complex protocols and encryptions. If not appropriately configured, individuals could experience IP and DNS leaks, making private data vulnerable to hackers and online threats.

In the end, the advantages of VPNs far outweigh the disadvantages. With some slight downsides and setbacks, VPNs are beneficial, and a must-have for consistent users of the internet. With continuously upgraded malware hacks, frequently keeping your network secure is a top priority.

F10:

Cyberstalking Cases

Based on the ten cyberstalking cases I found, there were many similarities and differences between them. The first similarity would be gender. Nine out of the ten cases were committed by men, while a female committed only one. Also, in many of the cases, the convicted had a gun violation. The age range was between twenty to fifty-five years old, with the majority involving a man in his fifties.

While there were many resemblances in the ten cases, they did have some differences. The origin of the convicts was spread out around the United States, suggesting that location is not a factor when it comes to cyberstalking.

In conclusion, the most significant pattern with cyberstalking is the most frequent suspect is a male, either in their twenties to fifties. A gun violation is usually involved as well. The most noticeable difference would be location, not being a huge influence when it comes to cyberstalking.

F11:

I believe that Russian agents purchasing ads on Facebook and Twitter to influence the 2016 presidential election does not constitute cyberwar. In my opinion, cyberwar is a conflict between two or more nations within cyberspace, stealing information from one another electronically. Ads are purchased on these social media sites for many different products and to raise awareness for specific causes. Almost anyone can do this with the site’s permission, making it a legal purpose. In the end, it is just political propaganda. Many politicians purchase ads on social media to promote their campaign. How is it any different than posting signs along a street for anyone to see as they drive past? While the purpose of this ad is to influence the election, it does not directly impact it, only attempting to convince the people to vote for Donald Trump.

While the use of these ads is permitted, they can be seen as unethical. The post is a lie, using an account called “Army of Jesus,” trying to convince those of certain religions that voting for Hilary is like voting for Satan, and that voting for Trump is voting for Jesus. Sadly, many US citizens could be misled by this, but that is their fault. Additionally, on the business side, claiming this is cyberwar may make people wary of future elections, worried about future influenced elections.

For this to be cyberwar, the election would have to be directly influenced, such as the manipulation of votes electronically. For example, the accusations about Russia directly affecting the polls were a hot topic for a lengthy amount of time. If this case were to be accurate, then it would be an excellent example of cyberwar; however, no one is sure, leaving us with political ads from Russia that give no resemblance to cyberwar.

F12:

I think the most significant cybersecurity challenge in 2040 will be dealing with hackers. All of our personal information is on our phones, including credit cards, social securities, and even our lively hood such as passwords and accounts. In 2040 I believe that the world will be technology-driven as this will cause issues because hackers will be more advanced and possibly able to hack on a larger scale. Technology is continuously becoming more sophisticated, reaching new heights to what is capable for hackers and increasing the number of vulnerabilities in the cyberspace.

If this were to happen, it would be devastating for people. I would advise national and supernational policymakers to enforce hacking laws and allow for a more natural way to prevent it. If our personal identity is safe from hackers, we would not have problems with hackers or their plans to cause malicious intent with our work.

A specific strategy that could be put in place is to possibly free previous hackers from jail and set up a team of white hackers to stop the hacks before they ever happen. With peace of mind and people not needing to worry about their personal information being used or sold online, it would let people be on the internet and stream safely without the worry of their lives being ruined by the action of a few individuals. With this peace of mind, I think the future could be a great place.

F13:

The social engineering case that I found was an attack on Sony Pictures in 2014. The attacks started in November when a group of hackers called The Guardians of Peace (GOP), hacked into Sony Pictures, leaving their network crippled for days. Information including previously unreleased films was posted to the internet. Along with the leaking of movies, 4,000 past and present employee information were leaked, along with some financial information.

No psychological mechanism was used; however, the method used was a hack into Sony’s network. The hacker group did not directly benefit from the manipulation, and neither did Sony. It is believed that the group is from North Korea and leaked Sony’s information as revenge for their movie, “The Interview,” which made fun of North Korea leader Kim Jong Un.

Sony Pictures lost millions of possible dollars in revenue due to the movies leaked and the threats sent by the GOP. They lost five potentially successful films. Furthermore, the group was never found and will continue to be a mystery, but growing evidence points toward North Korea being behind the attacks.

To prevent future attacks, Sony must invest more in network security. While it may have seemed like a needless expense at the time, hopefully, after losing millions, Sony has raised its security funds and will be better prepared for any future attack. Almost everything is stored online, which increases the risks of information being stolen. Additionally, I hope this incident inspired other large companies to invest more money in cybersecurity.

IT 200T Mid-Term Video