Social Engineering
I can be found on your desk. I am supposed to be covered when not in use. Leaving me exposed will reveal personal information like SSN, DOB, DOD#, etc.
What is Personally Identifiable Information (PII)?
This should be located visibly in your workspace so my information can be seen. Every user should have this in case something happens.
What is the Cybersecurity Incident Reporting Aid?
A current or former USARC employee who intentionally misuses their access to harm the organization, steal data, or sabotage systems.
What is a malicious insider threat?
Recommend using 8-12 minimum characters including a mixture of letters, numbers, and special characters.
What is a strong password?
I meet DOD standards & NSA-compliant. I have cross-cut teeth and can tear a document fast. The only device used for destroying evidence.
What is an authorized shredder?
The practice of looking at someone's computer from behind, without them noticing, being nosey. Trying to gain personal information by looking over.
What is Shoulder Surfing?
Malicious software is installed on a system without the user's knowledge, through email attachments or infected websites. The goal is to steal data and/or damage computer systems.
What is malware software?
A user begins accessing systems or data outside the scope of their job responsibilities.
What is a non privileged user?
A tool that can help users generate and store complex, unique passwords for their accounts. No more guessing and locking accounts.
What is a password manager/generator?
I'm portable, small, and cute. I can do flips, fold, slide, but never bend. I can only hang with a partner after works hours.
What is a cell phone?
I am scanned through a phone's camera where criminals use malicious codes to trick users into visiting fake websites, often to steal sensitive information or install malware.
What is Quishing?
An attacker overwhelms a system, server, or network with traffic, rendering it unavailable to legitimate users.
What is a Distributed Denial-of-Service (DDoS) attack?
Risk posed by an individual at USARC who may unintentionally compromises security through actions such as mishandling data, engaging phishing emails, being unaware of policies, or abusing access.
What is an unwitting insider threat?
A security feature that adds an extra layer of protection by requiring a second form of verification, like a code sent to your phone or email.
What is two-factor authentication (2FA)?
I am tapped/clicked all day and not supposed to be used in the USARC HQ building. My connection is through USB; you can hardly see me.
What is a wireless mice/keyboard device?
Following people in a restricted room is what I like to do. I'm not authorized to be there, but why not, I'll just smile and nod.
What is Tailgating?
Encrypting user data and demanding payment, in exchange for access back on their device.
What is ransom ware?
Someone who dislikes their job and/or team members. This type of user is dangerous because they can cause the most harm.
What is a disgruntled user?
This isn't allowed, but it's common and risky habit involving using the same password across multiple accounts.
What is a password reuse?
Unauthorized device that can mimic a legitimate Wi-Fi network, tricking users into connecting and unknowingly exposing their data to attackers.
What an evil twin access point?
Using artificial intelligence to mimic a trusted person’s voice or image, to manipulate employees into taking urgent actions like transferring funds or sharing sensitive data.
What is deepfake impersonation?
Name the most common cyber incident for USARC FY2024.
**Bonus: name the 2nd most common
What are plugging cell phones into laptops?
**Adult Content
The monitoring approach that helps detect insider threats by analyzing user behavior over time. It flags anomalies such as unusual login times, large file transfers, or unauthorized access attempts.
What is User and Entity Behavior Analytics (UEBA)?
An advanced password strategy involving using a unique combination of words.
What is a passphrase password?
Unauthorized wireless device connected to a secure network, potentially allowing attackers to intercept data or gain access.
What is a rogue device or rogue access point?