From Left to Right in Photo:

ELI OWEN, Deputy Commander, California State Threat Assessment Center

THOR EDENS, California Cyber Security Integration Center

MICHAEL CREWS, Cal OES Information Security Officer

For this episode we brought three of California’s cybersecurity gurus who talk about some of things you and your agency/company can and should be doing to protect yourself from cybercrime. October is National Cyber Security Awareness Month which is an annual campaign to raise awareness about cybersecurity, but any month, any day is a good time to beef up your own personal protection. We live in a world that is more connected than ever before. The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. National Cyber Security Awareness Month (NCSAM) is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident. (Source: Dept. of Homeland Security)

California Cybersecurity Integration Center’s (CalCSIC) mission is to reduce the likelihood and severity of cyber incidents that may significantly compromise the security and resilience of California’s economy, its critical infrastructure,and information resources. Cal OES executes this mission together with CDT, CHP and CMD. Cal-CSIC is comprised of two key functional components: (1) cyberthreat analysis; and, (2) dissemination and coordination of incident response and recovery operations (hereinafter “recovery”). Specifically, Cal-CSIC coordinates the identification, prevention or mitigation of cyber threats, as well as coordinates the response to, and recovery from significant cyber incidents. Cal-CSIC coordinates the production of threat assessments for theState, and facilitates analysis and exchange of cyber threat information with all affected organizations.

Terms Used:

Cyber Crime – Crime conducted via the Internet or someother computer network

APT – Advanced Persistent Threat

Social Engineering –  A line of attack that relies heavily on humaninteraction and often involves tricking people into breaking normal securityprocedures. (Source: TechTarget)

Spycraft – (aka Tradecraft) Within the intelligencecommunity, this refers to the techniques, methods and technologies used inmodern espionage (spying) and generally, as part of the activity ofintelligence.

Polymorphic – Polymorphic malware is harmful, destructiveor intrusive computer software such as a virus, worm, Trojan or spyware thatconstantly changes ("morphs"), making it difficult to detect withanti-malware programs. Evolution of the malicious code can occur in a varietyof ways such as filename changes, compression and encryption with variablekeys. (Source: TechTarget)

Spear phishing – An email that appears to be from anindividual or business that you know. But it isn't. It's from the same criminalhackers who want your credit card and bank account numbers, passwords, and thefinancial information on your PC.

Ransomware – There are different types of ransomware.However, all of them will prevent you from using your PC normally, and theywill all ask you to do something before you can use your PC. They can targetany PC users, whether it’s a home computer, endpoints in an enterprise network,or servers used by a government agency or healthcare provider.

Ransomware can:

  • Prevent you from accessing your computer.
  • Encrypt files so you can't use them.
  • Stop certain apps from running (like your web browser).
  • Ransomware will demand that you pay money (a “ransom”) toget access to your PC or files. We have also seen them make you completesurveys.
  • There is no guarantee that paying the fine or doing whatthe ransomware tells you will give access to your PC or files again. (Source:Microsoft) 


Stop Think Connect 


Ransomware Help

CalCSIC Announcement

California Cyber Security 


Share | Download(Loading)