In honor of “Cybersecurity Awareness Month,” the Cal State Fullerton Information Technology Department hosted its first cybersecurity event on Halloween where speakers shared their expertise on internet security and techniques to stay safe online.
“Security is very difficult because there’s no such thing as a secure network unless there are no users on it,” said Jason Weiss, a speaker and attorney for Drinker, Biddle and Reath Law Firm.
Weiss’ presentation was about security issues that law enforcement encounters, and issues that may come in the private sector.
Weiss said that there are three important networks that protect internet data, which are information security, information disaster recovery and information privacy that all aim to prevent unauthorized access.
A recurring mistake that users make is reusing the same login and password for different sources, which increases the chances of hackers gaining access to multiple accounts, Weiss said.
In order to prevent this from happening, Weiss recommends that users download an encrypted app that will ensure password security even if the device is stolen.
The event was hosted by Berhanu Tadesse, the associate vice president for IT academic technology services, who stated that the primary issue for IT technicians is information security.
“We need to have events like this so we can increase awareness among the campus,” said Tadesse.
Weiss said, the most important defense against online threats are social awareness campaigns that educate employees and students about network safety.
“Insiders are a far greater threat than external hackers,” Weiss said. “People don’t realize that probably 80% of acts take place from behind, from insiders.”
Due to the new California Consumer Privacy Act, businesses can now be sued if member information is leaked, encouraging companies to step up their security, Weiss said.
This includes institutions like Cal State Fullerton where students may sue over breaches of private information.
Weiss concluded his presentation by warning guests to not open unknown emails as they may load malware viruses onto their networks.
On the panel was Rojan Rijal, computer science major and president of the Offensive Security Society Club, who spoke about cybersecurity from the perspective of a hacker.
The Offensive Security Society is a student-run organization that hacks into companies and conducts a report of their findings in order to improve their security.
“The goal of (the organization) is to actually give (students) that industry experience,” Rijal said. “We have done different events with companies so they actually network with companies.”
Rijal explained although hackers carry a negative connotation, the club aims to represent how hacking strategies can help companies strengthen their system, which can help students to find career opportunities.
Social engineering is a technique hackers use to manipulate people’s behavior into performing certain tasks by inflicting a sense of urgency or panic, Rijal said.
He said some methods include hackers sending text messages and threatening to lock user accounts if recovery codes are not sent.
Students can find out if they were hacked by visiting the website haveibeenpwnd.com where a list of websites will appear if an email or password has been breached, Rijal said.
In 2015, CSUF’s College of Engineering and Computer Science department established the Center of Cybersecurity directed by Mikhail Gofman that intends to educate students, develop its research and ultimately expand their community outreach.
A cybersecurity curriculum was created with foundational courses that are still in progress.
The curriculum aims to have an academic program that is recognized by the National Security Agency of Center of Academic Excellence by meeting its standards, said Gofman.
Last spring, the program submitted a proposal to enable students to graduate with a concentration in cybersecurity. Students will be able to take courses in introduction to cybersecurity, network security, cloud computing security and various others.
“Another exciting piece of news is that now, ‘Introduction to Cybersecurity’ is a mandatory core course for all computer science majors,” Gofman said.
The computer science department has also hired three new faculty members to help with the development of future courses at CSUF. The department will attempt to meet the National Security Agency requirements by 2025.