Cybercrime and threats can be confusing – particularly if you're not an IT person. The alphabet soup of acronyms, the rate of change, and the exponential size of cyber attacks can become overwhelming in a hurry when you don't have a technology background (or a decoder ring.)
Fortunately, if you're a non-IT staffer, executive or leader interested in understanding more about the challenges of Cybercrime, but aren't sure where to start, we have just the speaker to help.
- explains the base concepts behind some of the most common cyber incidents affecting state, local, tribal, and territorial (SLTT) governments,
- covers a couple of types of malware, including ransomware and financial Trojans, as well as botnets, SQLi, and DDoS attacks,
- discusses what each of these terms means and the damage they can cause your department,
- and identifies how the best recommendations help to prevent or mitigate the attacks.
Justice Clearinghouse Editors (JCH): This is a new approach – different from how you typically present cyber topics here at Justice Clearinghouse. How did you come up with the topic?
Stacey: As I think you know, the Multi-State Information Sharing and Analysis Center (MS-ISAC), where I work, is dedicated to improving the overall cybersecurity posture of the nation’s state, local, tribal, and territorial governments through focused cyber threat prevention, protection, response, and recovery. And since we’re a no-cost solution to all state, local, tribal, and territorial governments, I talk with a lot of government employees from all around the country, every day. One of the things I hear most, especially from the justice community, is that no one has ever stopped to explain the basics.
I know cybersecurity is hard to understand. It’s incredibly difficult to even know where to start learning about it. It’s like wanting to learn a foreign language and being handed a dictionary while standing in the capital of the foreign country. I’m self-taught so I really get this.
This year the MS-ISAC is going to give 6 webinars for the Justice Clearinghouse and I’m going to start with this presentation on the basics of cybercrime and defenses because I’m a firm believer that when explained clearly, cybersecurity isn’t that hard to understand. Then, as your members attend the rest of the webinars you have lined up, including the MS-ISAC presentation in April on the cyber threat landscape, they can build on this foundation.
JCH: Who is this webinar ideal for?
Stacey: In some ways it’s easier to say who this isn’t for: IT and cybersecurity staff, and anyone else who already knows what DDoS and SQli attacks are or how antivirus works.
This is ideal for executives and anyone else who would like to start deciphering the cyber headlines, incident reports, and technical jargon. You mentioned earlier that this webinar is a different approach for us and it is not just in the fact that it’s a different topic, but also in how I’ll be presenting it. If you’ve heard me present before or read an interview with me, you know that I frequently use similes and equate cybercrime to real-world activities like graffiti and harassing phone calls. I’ll be doing that here, too. I hope that means that anyone who has anything to do with preventing or protecting against cybercrime or just wants to learn a bit more about it, will see this as an opportunity to do so.
I know cybersecurity is hard to understand.
It’s incredibly difficult to even know where to start learning about it.
It’s like wanting to learn a foreign language
and being handed a dictionary while standing in the capital of the foreign country.
JCH: Without giving the webinar away, and keeping in mind that we have the whole spectrum of the justice community, what will audience members learn from your presentation that they can then immediately apply to their own preparedness efforts?
Stacey: As anyone who has tried to implement a policy knows, a well-trained employee will do their best to follow the policy but when that policy gets in the way of doing their job… well, the job comes first. This is where education makes the difference. With education you understand, and if you understand how the defense works and what it is protecting you from, then you can make informed decisions.
For an executive or manager, this means asking better questions. Once you begin understanding the terms IT and cybersecurity staff, auditors, and forensic examiners/investigators use, you can start to dig into why they want to do things a certain way and what the change means for your organization’s cyber protections.
For everyone, this presentation means starting to understand the headlines so you can evaluate if the headline does or should matter to you or your organization. No matter who your technical staff is, they’re busy. The fields of IT and cybersecurity have two of the most chronic staffing shortfalls of any job categories. Training is time-consuming and complex and the public sector finds it notoriously difficult to compete with the private sector for the available candidates. Rather than waiting for them to explain what happened and what it means, you’ll walk away from this presentation with the knowledge to start deducing that for yourself.
JCH: Cybercrime and cybersecurity are notorious for jargon and lingo. Is there anything attendees should do to prepare for the webinar?
Stacey: Bring your questions!
This presentation is about gaining a basic understanding of the TTPs (tactics, techniques, and procedures – there’s that jargon!) of cybercrime and how defenses work (or don’t work). I know attacks and defenses that I’ll be talking about but I also know I find asking questions in a technical audience can be intimidating. So, here’s your chance to ask about what you want to understand and tell me what to explain. You can email me your questions now, find me on LinkedIn, or use the question feature in the webinar and I’ll try to answer as many questions as I can. And I’ll be doing my best to answer your questions while avoiding jargon!