Transcription

Trivia Game

National Cybersecurity Awareness MonthTrivia Game#BeCyberSmart:Online SafetyDevice SecurityTypes ofCyber AttacksCyber HistoryCyber 400400400400400500500500500500Final Round2

#BeCyberSmart: Online Safety - 100You post a picture of you and your best friend to your favorite socialmedia platform. She doesn’t feel comfortable with the image, so youagree to take it down. Will this ensure that no one else sees the picture?Answer: No. Once an image (or any information) is posted on the internet, itis virtually impossible to remove it from circulation. Taking it off of your socialmedia page will help, but there is no guarantee that others have not alreadyseen it and/or downloaded it to their own machines.After each answer appears, please return to Game Board.Back to game board3

#BeCyberSmart: Online Safety - 200You receive an email from an online shopping site claiming that you wereincorrectly charged for your last purchase and are due a refund. The emailasks you to click a link where you will submit the necessary information.What should you do?Answer: Do NOT click the link! Check the sender’s address and search thedocument for spelling/grammar mistakes. If you notice anything suspicious, theemail is likely a scam. Even if it seems legitimate, navigate to the site yourself ratherthan clicking any links.After each answer appears, please return to Game Board.Back to game board4

#BeCyberSmart: Online Safety - 300You’ve just settled into your new hotel room when you realize you need totransfer some funds from your savings account to your checking account.In order to do this, you will need to connect your laptop to the hotel’spublic Wi-Fi and log in to your online bank. Should you risk it?Answer: It depends. In general, it is never safe to transmit PII (Personally Identifiable Information),especially financial information, over a public network. If you find yourself in a situation whereyou may need to do so, first consider all your options, including using your mobile data or a VPN(Virtual Private Network) to help protect your browsing.After each answer appears, please return to Game Board.Back to game board5

#BeCyberSmart: Online Safety - 400You have a long commute. Thankfully, your train just installed public Wi-Fi. Now you canlisten to your favorite music or podcast. However, when you check for social mediaupdates around lunch, you find that your account has been hacked. What steps could youtake to prevent your mobile device or laptop data from being compromised in the future?Answer(s): Turn off Wi-Fi and Bluetooth when not using them. These technologies leave you open to remote attacks. Make sure the network is legitimate. Hackers love to create fake networks that mimic real ones, enticingunsuspecting users to log on. Don’t connect. Though perhaps drastic, one near-certain way to circumvent the dangers of public Wi-Fi issimply to avoid using it whenever possible.After each answer appears, please return to Game Board.Back to game board6

#BeCyberSmart: Online Safety - 500Passwords often have complex requirements, and most online citizens willneed to remember numerous different passwords to access their internetservices. What is a way to help you keep track of all these different passwords?Answer(s): Use a password manager. These are apps, devices, or cloud services that store yourpasswords in an encrypted vault that can only be unlocked with a single masterpassword. Use a “password pattern.” This is simply a pattern (recognizable only to you) that youcan use to help remember your passwords.After each answer appears, please return to Game Board.Back to game board7

Device Security - 100Which of the following are strong password practices? (Choose all that apply.)1. Passwords should contain a mixture of upper and lower case letters, numbers, and special characters.2. Passwords should have personal meaning to you (e.g. a relative’s birthday) so that you can rememberthem more easily.3. You should immediately change your password in the case of a known data breach.4. You should store your passwords on paper or in a text document, giving you a backup in the event thatyou forget them.Answer: 1 & 3. While it is helpful for passwords to have some level of personal relevance, anythingconcrete or publicly-available (high schools, birthdates, pets’ names, etc.) can be easily researched andguessed by an attacker. Storing your passwords physically or in a text-document is also ill-advised, assomeone could gain access to the copy.After each answer appears, please return to Game Board.Back to game board8

Device Security - 200True or false: Automatically updating your machine poses a significantsecurity concern, as it could install unwanted programs/features thatdisrupt your network or harm your computer.Answer: False. Although updates can occasionally cause problems, they also containvital patches to help protect your machine against attackers. Keep your machine upto-date and install new patches as soon as possible. Don’t click, “Remind me later,”twelve times.After each answer appears, please return to Game Board.Back to game board9

Device Security - 300True or false: Although they operate similarly to computers, mostmobile devices (cell phones, tablets, etc.) are not full computersand do not require software, such as anti-virus, to be secure.Answer: False. Almost all consumer devices, especially cell phones and tablets,are simply miniature computers. They contain important data (contacts,financial information, calendars) and require protection like any other device.After each answer appears, please return to Game Board.Back to game board10

Device Security - 400Which of the following devices could potentially be exploited by an attacker? Desktop computerLaptop computerCell phoneTelevisionRefrigeratorDigital assistantRemote-controlled keys TabletSecurity cameraPacemakerBaby monitorGPSToasterThermostatAnswer: All of them. Yes, even the toaster – possibly.After each answer appears, please return to Game Board.Back to game board11

Device Security - 500What is the method of access control by which users mustpresent multiple, separate pieces of identification, such as apassword and keycard, in order to access a system?Answer: Multi-Factor Authentication (MFA). MFA greatly increases thesecurity of access control. Even if a password is learned or an ID is stolen, itwill not be enough to compromise a system. Many online services allow MFAoptions, such as requiring a one-time login code as well as a password.After each answer appears, please return to Game Board.Back to game board12

Types of Cyber Attacks - 100A scammer creates a fake email and sends it to thousands ofpeople, hoping some of them will click on a link and give uptheir personal information. What is this type of attack called?Answer: Phishing – a type of social engineering that oftenmanipulates human impulses, such as greed, fear, or thedesire to help others.After each answer appears, please return to Game Board.Back to game board13

Types of Cyber Attacks - 200What is the term for harmful software that seeksto damage or exploit the machines that run it?Answer: Malware. This stands for “malicious software,”and refers to a large variety of software-based attacks.After each answer appears, please return to Game Board.Back to game board14

Types of Cyber Attacks - 300An attacker goes to a local coffee shop and creates a wireless networkusing the shop’s name, hoping unsuspecting customers will log on.What is this type of attack called?Answer: Spoofing. This kind of attack can come in many forms (email, GPS, callerID), but is most commonly known with regards to fake and malicious wirelessnetworks. Before logging onto a public network, be sure it is the correct one.After each answer appears, please return to Game Board.Back to game board15

Types of Cyber Attacks - 400You bring your laptop to a local restaurant. Without your knowledge,the customer at the table behind you watches you log in to youremail, thereby learning your username and password. What is thistype of attack called?Answer: Shoulder surfing. It is important to remember that not all cyber attacksrequire the direct manipulation of technology. Attackers can often obtainimportant information by simply observing people, asking questions, or piecingtogether dissociated facts to learn or guess something private.After each answer appears, please return to Game Board.Back to game board16

Types of Cyber Attacks - 500After clicking an advertisement on an unsecure website, your computerfreezes. A message appears, demanding you pay a certain amount ofmoney to unlock your computer. What is this type of attack called?Answer: Ransomware. This type of attack has grown more common in recentyears, especially against institutions that need to recover their data as soon aspossible, such as medical facilities.After each answer appears, please return to Game Board.Back to game board17

Cyber History - 100This entrepreneur is widely-known for his contributions tothe personal computer industry. He founded the MicrosoftCorporation in 1975, with his business partner Paul Allen.Answer: Bill Gates.After each answer appears, please return to Game Board.Back to game board18

Cyber History - 200Which United States federal agency has been tasked withimproving national cybersecurity and protecting the nation’scritical infrastructure?Answer: The Department of Homeland Security. Specifically, the Cybersecurityand Infrastructure Security Agency (CISA), which is responsible for protectingthe Nation’s critical infrastructure from physical and cyber threats.After each answer appears, please return to Game Board.Back to game board19

Cyber History - 300This English cryptanalyst is famous for deciphering encoded messages duringWorld War II and creating standards for artificial intelligence. He is considered bymany to be the father of theoretical computing. (Hint: There was a 2014 moviebased on his biography.)Answer: Alan Turing. Turing helped the Allies by cracking intercepted messagesfrom the German forces, gleaning information that was crucial to an Allied victory.He also created the “Turing test,” which examines a machine’s ability to displayhuman behavior à la artificial intelligence.After each answer appears, please return to Game Board.Back to game board20

Cyber History - 400This English writer and mathematician is known for her workon the Analytical Engine and is considered to be one of thefirst computer programmers.Answer(s): Ada Lovelace worked alongside Charles Babbage inthe 1840s to publish the first computer-based algorithm.After each answer appears, please return to Game Board.Back to game board21

Cyber History - 500In May 2017, this worldwide cyber attack used ransomware to exploitapproximately Cyber History 00,000 unpatched machines, resulting indamages totaling to over 4,000,000,000 (4 billion USD).Answer: WannaCry. This ransomware attack propagated through an exploit calledEternalBlue, which took advantage of older Windows systems. Targeted machineshad their data involuntarily encrypted, with a demand of Bitcoin payment for therelease thereof.After each answer appears, please return to Game Board.Back to game board22

Cyber Stats - 100Approximately how many attempted cyber attacks arereported to the Pentagon every day? (Closest answer wins.)Answer: Over 10 million.After each answer appears, please return to Game Board.Back to game board23

Cyber Stats - 200How many unfilled cybersecurity jobs are there in the United Statesalone? (Closest answer wins.)Answer: 310,000.After each answer appears, please return to Game Board.Back to game board24

Cyber Stats - 300Globally, how many unfilled cybersecurity positions arethere estimated to be by 2022? (Closest answer wins.)Answer: 1.8 Million.After each answer appears, please return to Game Board.Back to game board25

Cyber Stats - 400What is the estimated cost of a successful phishing attack on asingle small or medium-sized business? (Closest answer wins.)Answer: 1.6 Million USD.After each answer appears, please return to Game Board.Back to game board26

Cyber Stats - 500What is the estimated global cost of cybercrime by theend of 2019? (Closest answer wins).Answer: 2 Trillion USD.After each answer appears, please return to Game Board.Back to game board27

Bonus TriviaSolve this cryptogram:Answer: Connect with confidence!(This is called a Caesar cipher; since the key is 13, each letteris replaced with the letter 13 places down the alphabet.)Back to game board28

Thanks for playing!Visit warenessmonth-2019 to download the NCSAM 2019 toolkitBack to game board

National Cybersecurity Awareness Month Trivia Game #BeCyberSmart: Online Safety. 100 200 300 400 500 Device Security. 100 200 300 400 500 Types of . Cyber Attacks. 100 200 300 400 500. Cyber History. 100 200 300 400 500. Cyber Stats. 100 200 300 400 500. Final Round. 2