06-Cyber-Security-Awareness.pptx PDF

Document Details

SPUD - St. Paul University Dumaguete

2024

CPT MCDIERY A CONCEPCION

Tags

cyber security awareness ROTC training military science cybercrime

Summary

This PowerPoint presentation on cyber security awareness is for SPUD ROTC unit use only. It covers various aspects of cyber security, including safety precautions and wellness rules. The presentation provides information on cybercrime, and the roles of the PNP and NBI.

Full Transcript

“SPUD Army ROTC Vision: By 2028, a source of national pride in ROTC training.”

Department of Military Science and Tactics
Army Reserve Officers Training
25-10-2024

Service, Patriotism, Unity, and Duty

CPT MCDIERY A CONCEPCION O-146724 PA (RES)
POTC “MAGILAP” CLASS 12 – 2002
Professor of Military Science
Battalion S3, 703rd (Neg Or) Ready Reserve Inf Bn

INSTRUCTOR’S PROFILE

Military Schooling:
Probationary Officers Trng Course “Magilap” Class 12-2002 - ARESCOM Training School, Philippine Army
Basic Infantry Course - 3rd Army Training Group, TRADOC, PA
Reservist Admin Affairs Trng (RAAT) Class 2014 - 703rd CDC, 7RCDG, ARESCOM
Reservist Intel Trng (RIT) Class 2015 - 703rd CDC, 7RCDG, ARESCOM
Reservist Civil-Mil Opns Trng (RCMOT) Class 2016 - 703rd CDC, 7RCDG, ARESCOM
Mountain SAR Trng (MOSART), 2017 - 703rd CDC, 7RCDG, ARESCOM
Disaster Emergency Assistance, Relief and Rescue Trng (DEARRT), 2017 - 703rd CDC, 7RCDG, ARESCOM
Warfighting Competency Orientation Trng, 2018 - ARESCOM Training School, PA
Collapse Structure SAR Training (CSSRT), 2019 - 703rd CDC, 7RCDG, ARESCOM
Civil-Mil Opns Correspondence Course (CMO OCC) Class 19-2020 – CMO School, PA
Tactical Combat Casualty Care Training Class 2018 - 703rd CDC, 7RCDG, ARESCOM

International Schooling:
Fulbright Scholar, International Leaders in Education Program – James Madison University, Harrisonburg, Virginia, USA, 2016

CLASSROOM RULES

SAFETY PRECAUTIONS

WELLNESS RULE
To reduce the effects of digital eye strain

AWARENESS

Scope
• OBJECTIVES
• DEFINITION
• TYPES OF CYBER THREATS
• SAFETY TIPS AGAINST CYBER ATTACKS
• 10 STEPS TO CYBER SECURITY
• CYBER CRIME IN THE PHILIPPINES

Learning Objectives
A. To inform Cadets of the country’s standing policies on cyber security in order to increase awareness of the risks in the cyber world and discourage any practice that might be considered a violation of our cyber security.
B. To enable Cadets to understand the importance of cyber security awareness and its implications, especially during these times when information is mostly communicated online.
C. To help Cadets apply knowledge of cyber security to protect themselves from possible cyber threats and cyber attacks, and encourage them to report actual knowledge of such violations.

Definition
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories:

• Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
• Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it's designed to protect. Successful security begins in the design stage, well before a program or device is deployed.
• Information security protects the integrity and privacy of data, both in storage and in transit.
• Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
• Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.
• End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.

TYPES OF CYBER THREATS
THERE ARE TEN COMMON TYPES OF CYBER THREATS:

1) Malware. Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system.
2) Phishing. An email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.
3) Spear Phishing. A more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.
4) “Man in the Middle” (MitM) Attack. Where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.
5) Trojans. Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.
6) Ransomware. An attack that involves encrypting data on the target system and demanding a ransom in exchange for letting the user have access to the data again. These attacks range from low-level nuisances to serious incidents like the locking down of the entire city of Atlanta’s municipal government data in 2018.
7) Denial of Service attack or Distributed Denial of Service Attack (DDoS). Where an attacker takes over many (perhaps thousands of) devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash from an overload of demand.
8) Attacks on IoT Devices. IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorized access to data being collected by the device. Given their numbers, geographic distribution and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.
9) Data Breaches. A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (i.e. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack) and espionage.
10) Malware on Mobile Apps. Mobile devices are vulnerable to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts and more.

SAFETY TIPS AGAINST CYBER ATTACKS
THE TOP 10 PERSONAL CYBER SECURITY TIPS

1) Keep Your Software Up to Date
As we saw from the stats above, ransomware attacks were a major attack vector of 2017 for both businesses and consumers. One of the most important cyber security tips to mitigate ransomware is patching outdated software, both operating systems and applications. This helps remove critical vulnerabilities that hackers use to access your devices. Here are a few quick tips to get you started.

2) Use Anti-Virus Protection & Firewall
Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from entering your device and compromising your data. Use anti-virus software from trusted vendors and only run one AV tool on your device.
Using a firewall is also important when defending your data against malicious attacks. A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device. Windows and Mac OS X come with their respective firewalls, aptly named Windows Firewall and Mac Firewall. Your router should also have a firewall built in to prevent attacks on your network.

3) Use Strong Passwords & Use a Password Management Tool
You’ve probably heard that strong passwords are critical to online security. The truth is passwords are important in keeping hackers out of your data! According to the National Institute of Standards and Technology’s (NIST) 2017 new password policy framework, you should consider.

4) Use Two-Factor or Multi-Factor Authentication
Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. Without two-factor authentication, you would normally enter a username and password. But, with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password or even a fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password.

5) Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers
We recently blogged that phishing scams are nastier than ever this year. In a phishing scheme attempt, the attacker poses as someone or something the sender is not to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s system with malware, a trojan, or a zero-day vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts.

6) Protect Your Sensitive Personal Identifiable Information (PII)
Personal Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. PII includes information such as name, address, phone numbers, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. Your credit card information should be protected by companies if they follow the PCI DSS standards.
In the new “always-on” world of social media, you should be very cautious about the information you include online. It is recommended that you only show the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts, particularly Facebook. Adding your home address, birthdate, or any other PII will dramatically increase your risk of a security breach. Hackers use this information to their advantage!

7) Use Your Mobile Devices Securely
According to McAfee Labs, your mobile device is now a target to more than 1.5 million new incidents.

8) Backup Your Data Regularly
Backing up your data regularly is an overlooked step in personal online security. The top IT and security managers follow a simple rule called the 3-2-1 backup rule. Essentially, you will keep three copies of your data on two different types of media (local and external hard drive) and one copy in an off-site location (cloud storage). If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore with a recently performed backup.

9) Don’t Use Public Wi-Fi
Don’t use public Wi-Fi without using a Virtual Private Network (VPN). By using a VPN, the traffic between your device and the VPN server is encrypted. This means it’s much more difficult for a cybercriminal to obtain access to your data on your device. Use your cell network if you don’t have a VPN when security is important.

10) Review Your Online Accounts & Credit Reports Regularly for Changes
With the recent Equifax breach, it’s more important than ever for consumers to safeguard their online accounts and monitor their credit reports. A credit freeze is the most effective way for you to protect your personal credit information from cyber criminals right now. Essentially, it allows you to lock your credit and use a personal identification number (PIN) that only you will know. You can then use this PIN when you need to apply for credit.

CYBER CRIME OF THE PHILIPPINES
OVERVIEW

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, was signed into law by President Aquino on Sept. 12, 2012.

• RA 10175 punishes content-related offenses such as cybersex, child pornography and libel which may be committed through a computer system. It also penalizes unsolicited commercial communication or content that advertises or sells products or services. But there are exemptions relating to the sending of unsolicited material: it is not a crime if there is prior consent from the recipient, the communication is an announcement from the sender to users, and if there is an easy, reliable way for the recipient to reject it, among others.

The law also penalizes offenses against the confidentiality, integrity and availability of computer data and systems, such as illegal access, illegal interference, data interference, system interference, misuse of devices, and cybersquatting. It defines cybersquatting as the acquisition of a domain name on the Internet in bad faith or with the intent to profit, mislead, destroy one’s reputation or deprive others from registering the same domain name. Also covered by the law are computer-related forgery, fraud and identity theft.

• As many as 87 percent of Filipino Internet users were identified as victims of crimes and malicious activities committed online, according to a November 2012 primer released by the DOJ, which quoted a 2010 report of the security software firm Symantec.
• These included being victimized in activities such as malware (virus and Trojan) invasion, online or phishing scams and sexual predation.
• From 2003 to 2012, the Anti-Transnational Crime Division of the Criminal Investigation and Detection Group of the Philippine National Police looked into 2,778 referred cases of computer crimes from government agencies and private individuals nationwide.

The Cybercrime Prevention Act of 2012 (CPA) defines the following as cybercrimes:
• offences against the confidentiality, integrity and availability of computer data and systems (illegal access, illegal interception, data interference, system interference, misuse of devices and cybersquatting);
• computer-related offences (computer-related forgery, computer-related fraud and computer-related identity theft); and
• content-related offences (cybersex, child pornography, unsolicited commercial communications and libel).

Responsibilities of the Philippine National Police (PNP) and National Bureau of Investigation (NBI)

• The CPA appointed the National Bureau of Investigation (NBI) and Philippine National Police (PNP) as enforcement authorities, and regulates their access to computer data, creating the Cybercrime Investigation and Coordinating Center (CICC) as an inter-agency body for policy coordination and enforcement of the national cybersecurity plan, and an Office of Cybercrime within the Department of Justice (DOJ-OC) for international mutual assistance and extradition.
• The law gave police authorities the mandate they need to initiate an investigation to process the various complaints and reports they get from citizens. There are instances of online attacks, done anonymously, where victims approach police authorities for help. They often find themselves lost in getting investigation assistance, as police authorities can’t effectively initiate an investigation (they can only make a special request), since their legal authority to request logs or data does not exist at all unless a case is already filed (which, for attacks done anonymously, will be hard to initiate).
• This law gives citizen victims, regardless of stature, the necessary investigation assistance they deserve.
• The PNP and NBI shall be responsible for the enforcement of this law. This includes:
a) The PNP and NBI are mandated to organize a cybercrime unit or center manned by special investigators to exclusively handle cases involving violations of this Act. (Section 10).
b) The PNP and NBI are required to submit timely and regular reports including pre-operation, post-operation, and investigation results and such other documents as may be required to the Department of Justice for review and monitoring. (Section 11).

CONCLUSION
Cybersecurity awareness helps educate people about the malicious methods used by cybercriminals, how they can be easy targets, how to spot potential threats and what they can do to avoid falling victim to these insidious threats. Nowadays, scamming has become even more rampant, victimizing all people in any form.

THANK YOU
Do you have any questions? [email protected]
