Transcript of Cybersecurity Town Hall - National Multifamily Housing Council · Cybersecurity Framework Charter
-
@ApartmentWire#OPTECH17
Cybersecurity Town Hall
Facilitator: Thomas Dryden, Chief Information Security Officer, Berkadia
-
Download the Conference App on your smartphone or tablet!
Highlights Include:
• Access vital conference information 24 hours/day – Agenda, Speaker Bios, Exhibitor List, Exhibit Hall Floor Plan, Attendee List & more.
• Schedule meetings with attendees
• Share comments & photos in the Activity Feed
• Find Places to Eat and Things to Do in Dallas
To Download the App: Search for “NMHC Meetings” in your app store. Download the NMHC Meetings app, then select OPTECH Conference & Exposition.
-
Audience Poll #1
• How would you rate your current cybersecurity defenses?
– Excellent
– Very Good
– Good
– Fair
– Poor
-
Audience Poll #2
• How likely is it that confidential information has been divulged or stolen from your company by criminals or criminal organizations or by current or former employees?
– Very Likely
– Likely
– Possibly
– Not Likely
-
Audience Poll #3
• Do you (or a consultant) engage in social engineering (testing people to divulge confidential information) and conduct cybersecurity training with company employees?
– Yes
– No
– I Don’t Know
-
Audience Poll #4
• How much have you increased your cybersecurity expenses in the last year?
– We haven’t increased our expenses
– 1-10%
– 10-25%
– 25-50%
– More than 50%
-
Audience Poll #5
• Have you added staff dedicated specifically to cybersecurity?
– Yes
– No
-
Audience Poll #6
• Do you have an incident response plan that includes cybersecurity?
– Yes
– No
– I Don’t Know
-
Framework for Improving Critical Infrastructure Cybersecurity
OPTECH 2017, October 25th, 2017
[email protected]
-
Cybersecurity Framework Charter: Improving U.S. Critical Infrastructure Cybersecurity
Executive Order 13636, February 12, 2013:
“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties”
Cybersecurity Enhancement Act of 2014 (P.L. 113-274), December 18, 2014, amends the National Institute of Standards and Technology Act (15 U.S.C. 272(c)) to say:
“…on an ongoing basis, facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks to critical infrastructure”
-
Development of the Framework
Process: Engage the Framework Stakeholders → Collect, Categorize, and Post RFI Responses → Analyze RFI Responses → Identify Framework Elements → Prepare and Publish Framework
Timeline:
– EO 13636 Issued – February 12, 2013
– NIST Issues RFI – February 26, 2013
– 1st Framework Workshop – April 03, 2013
– Completed – April 08, 2013
– Identify Common Practices/Themes – May 15, 2013
– 2nd Framework Workshop at CMU – May 2013
– Draft Outline of Preliminary Framework – June 2013
– 3rd Workshop at UCSD – July 2013
– 4th Workshop at UT Dallas – Sept 2013
– 5th Workshop at NC State – Nov 2013
– Published Framework – Feb 2014
Ongoing Engagement: Open public comment and review encouraged and promoted throughout the process…and to this day.
-
Key Attributes
It’s voluntary
• Is meant to be customized.
It’s a framework, not a prescriptive standard
• Provides a common language and systematic methodology for managing cyber risk.
• Does not tell an organization how much cyber risk is tolerable, nor provide “the one and only” formula for cybersecurity.
It’s a living document
• Enables best practices to become standard practices for everyone
• Evolves faster than regulation and legislation
• Can be updated as stakeholders learn from implementation
• Can be updated as technology and threats change.
-
Cybersecurity Framework Components
Framework Core
• Cybersecurity activities and informative references, organized around particular outcomes
• Enables communication of cyber risk across an organization
Framework Implementation Tiers
• Describes how cybersecurity risk is managed by an organization and the degree to which the risk management practices exhibit key characteristics
Framework Profile
• Aligns industry standards and best practices to the Framework Core in an implementation scenario
• Supports prioritization and measurement while factoring in business needs
-
Implementation Tiers
Tiers: 1 Partial, 2 Risk Informed, 3 Repeatable, 4 Adaptive
Risk Management Process: The functionality and repeatability of cybersecurity risk management
Integrated Risk Management Program: The extent to which cybersecurity is considered in broader risk management decisions
External Participation: The degree to which the organization benefits by sharing or receiving information from outside parties
-
Intel Adaptation of Implementation Tiers
Tiers: 1 Partial, 2 Risk Informed, 3 Repeatable, 4 Adaptive
People: Whether people have assigned roles, regular training, take initiative by becoming champions, etc.
Process: NIST Risk Management Process + NIST Integrated Risk Management Program
Technology: Whether tools are implemented, maintained, evolved, provide effectiveness metrics, etc.
Ecosystem: NIST External Participation + whether the organization understands its role in the ecosystem, including external dependencies with partners
-
Core: A Catalog of Cybersecurity Outcomes
Functions and the question each answers:
• Identify – What processes and assets need protection?
• Protect – What safeguards are available?
• Detect – What techniques can identify incidents?
• Respond – What techniques can contain impacts of incidents?
• Recover – What techniques can restore capabilities?
• Understandable by everyone
• Applies to any type of risk management
• Defines the entire breadth of cybersecurity
• Spans both prevention and reaction
-
Core: A Catalog of Cybersecurity Outcomes
Function and Categories:
• Identify (What processes and assets need protection?): Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy
• Protect (What safeguards are available?): Access Control; Awareness and Training; Data Security; Information Protection Processes & Procedures; Maintenance; Protective Technology
• Detect (What techniques can identify incidents?): Anomalies and Events; Security Continuous Monitoring; Detection Processes
• Respond (What techniques can contain impacts of incidents?): Response Planning; Communications; Analysis; Mitigation; Improvements
• Recover (What techniques can restore capabilities?): Recovery Planning; Improvements; Communications
-
A Common Language: Foundational for Integrated Teams
(Diagram: the five Functions, ID PR DE RS RC, as the shared vocabulary between Cybersecurity Professionals, who use highly technical and specialized language; Senior Executives; and IT, Contracts, Marketing, and Business Professionals)
-
Core – Example: Cybersecurity Framework Component
Function: Identify
Category: Business Environment
Subcategory: ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
Informative References: COBIT 5 APO02.01, APO02.06, APO03.01; ISA 62443-2-1:2009 4.2.2.1, 4.2.3.6; NIST SP 800-53 Rev. 4 PM-11, SA-14
-
Profile: Customizing Cybersecurity Framework
Functions: Identify, Protect, Detect, Respond, Recover
Ways to think about a Profile:
• A customization of the Core for a given sector, subsector, or organization
• A fusion of business/mission logic and cybersecurity outcomes
• An alignment of cybersecurity requirements with operational methodologies
• A basis for assessment and expressing target state
• A decision support tool for cybersecurity risk management
-
Cybersecurity Program Objectives: Three Things All Cybersecurity Programs Must Do
• Support Mission/Business Objectives
• Fulfill Cybersecurity Requirements
• Manage Vulnerability and Threat Associated with the Technical Environment
-
Profile Foundational Information: A Profile Can be Created from Three Types of Information
Subcategories 1, 2, …, 98, informed by:
1. Business Objectives (Objective 1, Objective 2, Objective 3) and Operating Methodologies
2. Cybersecurity Requirements: Legislation, Regulation, Internal & External Policy
3. Technical Environment: Threats, Vulnerabilities, Controls Catalogs, Technical Guidance
-
Framework Seven Step Process: Gap Analysis Using Framework Profiles
• Step 1: Prioritize and Scope
• Step 2: Orient
• Step 3: Create a Current Profile
• Step 4: Conduct a Risk Assessment
• Step 5: Create a Target Profile
• Step 6: Determine, Analyze, and Prioritize Gaps
• Step 7: Implementation Action Plan
-
Resource and Budget Decisioning: What Can You Do with a CSF Profile

Sub-category | Priority | Gaps   | Budget | Year 1 / Year 2 Activities
1            | moderate | small  | $$$    | X
2            | high     | large  | $$     | X
3            | moderate | medium | $      | X
…            | …        | …      | …      | …
98           | moderate | none   | $$     | reassess

The comparison runs across three profiles: As-Is, Year 1 To-Be, and Year 2 To-Be.
…and supports on-going operational decisions too
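The seven-step process and the budget table above describe the gap analysis only in prose. The Python script below is an added example (not NIST's or the presenter's code) that carries a small Current-vs-Target Profile through steps 6 and 7: it sizes each gap in the slides' own vocabulary (none/small/medium/large), ranks the open gaps by business priority, and fills a Year 1 plan from a budget, moving the rest to Year 2 and marking closed items "reassess" as the table does. The scores, priorities, costs and priority weights are constructed sample values; ID.BE-3 is the subcategory shown on the slides and the other identifiers are CSF subcategory IDs used only as labels.

```python
"""Added example (not from the NIST or OPTECH slides): a small Current-vs-Target
Profile gap analysis following the slides' seven-step process (steps 6 and 7)
and the "Sub-category / Priority / Gaps / Budget" table.  Every score, priority,
cost and the priority weights are constructed sample values, not a real assessment."""
from dataclasses import dataclass

# Implementation Tiers named on the slides; used here as the 1..4 scoring scale.
TIERS = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}

# Assumed weights for the slides' priority words; the CSF itself prescribes none.
PRIORITY_WEIGHT = {"high": 3, "moderate": 2, "low": 1}


@dataclass
class SubcategoryAssessment:
    subcategory: str  # CSF subcategory ID, e.g. "ID.BE-3" as shown on the slides
    priority: str     # business priority: "high", "moderate" or "low"
    current: int      # As-Is score on the 1..4 tier scale
    target: int       # To-Be score on the same scale
    cost: int         # constructed cost units needed to close the gap


def gap_size(a):
    """Express the numeric gap in the slides' vocabulary: none/small/medium/large."""
    gap = a.target - a.current
    if gap <= 0:
        return "none"
    if gap == 1:
        return "small"
    if gap == 2:
        return "medium"
    return "large"


def rank_gaps(assessments):
    """Step 6: determine, analyze and prioritize gaps.  Items with no gap are dropped;
    the rest are ordered by priority weight times gap size (largest first), with the
    cheaper item first when two score the same."""
    open_items = [a for a in assessments if a.target > a.current]
    return sorted(open_items,
                  key=lambda a: (-PRIORITY_WEIGHT[a.priority] * (a.target - a.current), a.cost))


def plan_years(assessments, year1_budget):
    """Step 7: a greedy implementation action plan.  Walk the ranked gaps and fund each
    one from the Year 1 budget while it still fits; everything else moves to Year 2.
    Subcategories with no gap are marked 'reassess', as in the slides' table."""
    plan = {"year1": [], "year2": [], "reassess": []}
    remaining = year1_budget
    for a in assessments:
        if a.target <= a.current:
            plan["reassess"].append(a.subcategory)
    for a in rank_gaps(assessments):
        if a.cost <= remaining:
            plan["year1"].append(a.subcategory)
            remaining -= a.cost
        else:
            plan["year2"].append(a.subcategory)
    return plan


# Constructed sample profile: five subcategories, one per Function.
SAMPLE_PROFILE = [
    SubcategoryAssessment("ID.BE-3", "moderate", current=2, target=3, cost=10),
    SubcategoryAssessment("PR.AC-1", "high",     current=1, target=4, cost=30),
    SubcategoryAssessment("DE.CM-1", "moderate", current=2, target=4, cost=20),
    SubcategoryAssessment("RS.RP-1", "high",     current=1, target=2, cost=5),
    SubcategoryAssessment("RC.RP-1", "moderate", current=3, target=3, cost=15),
]

if __name__ == "__main__":
    print("Sub-category  Priority  As-Is -> To-Be  Gap")
    for a in SAMPLE_PROFILE:
        print(f"{a.subcategory:12}  {a.priority:8}  {TIERS[a.current]} -> {TIERS[a.target]}  {gap_size(a)}")
    print(plan_years(SAMPLE_PROFILE, year1_budget=40))
```

The greedy fill is deliberately simple: a real plan would also account for dependencies between subcategories (an access-control target that presupposes an asset inventory, for instance) and for the risk assessment of step 4, which is where the priority words come from in the first place.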
-
Supporting Risk Management with Framework
-
Next Steps: Framework Update
Key features of this second draft will include:
• Update to the measurement section to refine and summarize self-assessment concepts (Section 4)
• Integration of the proposed Cyber Supply Chain Risk Management Implementation Tier language into some combination of the other three Implementation Tier properties
• Refinement and clarification within Communicating Cybersecurity Requirements with Stakeholders (Section 3.3)
• Removal of U.S. federal government applicability statements (Section 3.7)
• An additional subcategory in the PR - Access Control category to address authentication
-
Next Steps: Program Focus
• Federal agencies
• Small- and Medium-sized Businesses (SMBs)
• International organizations, including:
  • Companies with presence or business outside the U.S.
  • Other governments
  • International organizations
• Regulators at federal and state levels
-
Next Steps: Stakeholder Recommended Actions
Stakeholders should consider activities to:
• Customize Framework for your sector or community
• Publish a sector or community Profile or relevant “crosswalk”
• Advocate for the Framework throughout your sector or community, with related sectors and communities.
• Publish “summaries of use” or case studies of your Framework implementation.
• Submit a paper during the NIST call for abstracts
• Share your Framework resources with NIST at [email protected]
-
Resources: Where to Learn More and Stay Current
• The National Institute of Standards and Technology Web site: http://www.nist.gov
• NIST Computer Security Division Computer Security Resource Center: http://csrc.nist.gov/
• The Framework for Improving Critical Infrastructure Cybersecurity and related news and information: www.nist.gov/cyberframework
• NISTIR 7621-r1 Small Business Information Security: The Fundamentals: http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf
• For additional Framework info and help: [email protected]
-
PHISHIN’
JetBlues: We sent a phish that coincided with the timeframe when many people were making flight arrangements to attend the annual Windsor Operations conference. This is a classic phishing strategy: send a topical note and hope the recipient lets their guard down enough to open it.
What the email would have looked like in the email program:
-
Campaign Results: Of 334 sent:
• 84 (25%) looked at it in their native inbox (not the preview pane)
• 16 (5%) clicked on the image
• 5 (1%) clicked on the image more than once
What the image would have looked like if you clicked on it:
-
Johnny Walker 1/13/16
Happy 2016!!! Thanks to Lincoln Property Company Rent Aliens became the fastest growing Internet Listing Service (ILS) company in the United States in 2015!!!
To show our gratitude to Lincoln, we are so excited to offer the first 15 people that sign up 2 Justin Bieber concert tickets for the SOLD OUT SHOW on April 10 at the American Airlines Center in Dallas.
The first 15 people that sign up will get the tickets but we also have a Grand Prize drawing for 2 tickets near the front row in section 14 at the AAC. So even if you don't win the first 15 sets of tickets you are eligible for the Grand Prize drawing on Jan. 29.
Click HERE to sign up for a chance to win tickets. We will call winners today so be close to your phone! If you don’t win we’ll email you with a list of the winners but remember you are still entered in the Grand Prize contest.
Good luck!
Johnny Walker
President – Rent Aliens
-
Other Phishable Trouble Topics
• Banking
• Dropbox limits
• Email Full
• “from the Boss”
• Sporting Events
• Holidays
• Current event-related
• Fake urgency
Sample sports-related phish, 32% open, 8% clickthru
-
Urgent - Suspicious Login Identified on your Yardi Account
Cyber Security
The Yardi Cyber Security team has identified a suspicious login using your login credentials. We need to validate your account has not been compromised; click here to verify your identity.
Thank You.
The Yardi Cyber Security Team
https://urldefense.proofpoint.com/v2/url?u=https-3A__oprchmvnnw.formstack.com_forms_yardi&d=DwMFaQ&c=xuWUgJroJguSW8M0GUujMm-5t-xOBHaXU_PgeSXOGSk&r=tEzbksRdXeA1tnmlcFpnbQ&m=g8pXkgZc73spJEkE_A8EU58vWN0b05T55uv4mXFe6rQ&s=Aw7JXczuDqIlvja7McMfeuBe-vknoNP7aYI2z9jgpT4&e=
-
How to Educate Repeat Offenders
• Teachable Moment at the time of phishing error
• Keep detailed statistics and report to supervisor if the person:
  • Clicks on two in a row
  • Falls for a “special phish”
• Send them a personal note with a one page refresher
• Personal call from the Boss
• Termination
-
Courtesy https://www.knowbe4.com/what-is-social-engineering/
How to Educate Repeat Offenders
One page refresher:
-
Securing and Protecting Your Users
1.8 Million links and attachments blocked YTD
(Diagram: Successful Login → Enter Code → IT Systems)
-
THE RANSOMWARE THREAT
Kirk Downey, Managing Partner
-
Brief history of ransomware
Source: “The History of Ransomware”, Ryan Francis, CSO Magazine, July 2016
• First one: AIDS Trojan
• Biggest one to date: CryptoLocker, spread via Zeus bot-net
• JavaScript only: RAA and Locky JS, difficult to detect by antivirus
Emerging trends: 2017 & beyond
• WannaCry, Petya/NotPetya: based on stolen NSA tools
• Doxware: pay us or we’ll expose all your private data
• Ransomware accomplice: you don’t have to pay us if you help spread malware
-
Ransomware: what does it do?
• Usually launched through phishing email.
• User clicks on an email file attachment or link to malicious Web site.
• A dropper either installs the malware directly or downloads it from an external site and installs it.
• Obfuscation (hiding the contents) & polymorphism (changing how it looks each time it infects) make it hard to spot by antivirus.
• Once installed, it begins encrypting (scrambling the contents of) your data files.
(Diagram: Spearphishing email → Internet → Command & Control Server)
-
What ransomware does
• Encrypts files with these extensions: .doc, .xls, .rtf, .pdf, .jpg, .mdb, .png, .csv, .zip, .rar
• Skips directories with the following in their path: Windows, RECYCLER, Program Files, Program Files (x86), Recycle.Bin, APPDATA, ProgramData, Microsoft
  Why? So that it doesn’t encrypt itself!
• Encrypted files get a new file extension, such as “.encrypted” or “.locked”
• Demands a payment in some form of cryptocurrency (e.g., Bitcoin) to get the decryption key.
  Why? Anonymous and untraceable payments.
-
Other bad stuff ransomware does
Ever seen a Windows Blue Screen of Death? Windows tries to address this by creating volume snapshots that allow you to restore back to a point before the crash occurred.
Some modern malware tries to stop or delete the Windows built-in backup service called Volume Snapshot Service (VSS). This makes it more difficult to revert to a “clean” (pre-infected) version.
Also, some malware installs a keystroke logger or other surveillance software to steal sensitive data.
-
Countermeasures, part 1
• Backup regularly and keep a recent backup copy off-line and off-site, i.e., not co-located in the server room!
• Backups must go back further than six months: “sleeper” ransomware can stay dormant for months.
• Test full backup restores: you never know if your backups are any good if you don’t attempt to restore them.
• Encrypt your backups: take a lesson from the TriCare/SAIC stolen backup tape case, which resulted in a $4.9 Billion lawsuit!
-
Countermeasures, part 2
• Continuous surveillance with Security Information and Event Management (SIEM): looks for malicious behavior at both the host and network level. Needs to be watched/babysat 24/7 by trained analysts (consider outsourced SOC services).
• Train your people not to be phishing victims: continuous phishing training reduces click-through rate from 25% down to 1%.
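The file-extension and skipped-directory behaviour described under "What ransomware does", the shadow-copy (VSS) deletion under "Other bad stuff", and the SIEM countermeasure above all raise the same defender's question: what do these behaviours look like in host telemetry, and how would a SIEM rule pick them out? The Python below is an added example, not the presenter's material, that runs two detections over a constructed sample of endpoint events: a burst of data-file renames to a ransom extension outside the directories ransomware skips, and a process deleting shadow copies with the Windows vssadmin tool. The event dictionary layout, thresholds, process IDs, paths and command lines are assumptions made up for this example, not any product's schema.

```python
"""Added example, not from the talk: two detections for the ransomware behaviours the
slides describe, run over a constructed sample of endpoint events.  The event
dictionary layout, thresholds, process IDs, paths and command lines are assumptions
made up for this example, not any product's schema."""
import os
from collections import defaultdict

# Data-file extensions and the renamed-file extensions named on the slides.
TARGET_EXTENSIONS = {".doc", ".xls", ".rtf", ".pdf", ".jpg", ".mdb", ".png", ".csv", ".zip", ".rar"}
RANSOM_EXTENSIONS = {".encrypted", ".locked"}
# Directories the slides say ransomware skips; renames there are not counted.
SKIPPED_DIRS = ("windows", "recycler", "program files", "program files (x86)",
                "recycle.bin", "appdata", "programdata", "microsoft")
# Shadow-copy deletion: vssadmin is Windows' built-in VSS administration tool.
VSS_DELETE_TOKENS = ("vssadmin", "delete", "shadows")

RENAME_THRESHOLD = 5   # assumed: this many renames by one process ...
WINDOW_SECONDS = 60    # ... within this many seconds raises an alert


def ext(path):
    """Lower-cased final extension; 'q3.xls.encrypted' -> '.encrypted'."""
    return os.path.splitext(path)[1].lower()


def in_skipped_dir(path):
    """True when any path component is one of the directories ransomware avoids."""
    p = path.lower()
    return any(f"\\{d}\\" in p for d in SKIPPED_DIRS)


def detect_mass_rename(events):
    """Alert when one process renames >= RENAME_THRESHOLD data files to a ransom
    extension within WINDOW_SECONDS, ignoring the directories ransomware skips."""
    times_by_pid = defaultdict(list)
    for e in events:
        if e["type"] != "rename" or in_skipped_dir(e["src"]):
            continue
        if ext(e["src"]) in TARGET_EXTENSIONS and ext(e["dst"]) in RANSOM_EXTENSIONS:
            times_by_pid[e["pid"]].append(e["ts"])
    alerts = []
    for pid, times in times_by_pid.items():
        times.sort()
        for i, start in enumerate(times):   # sliding window over sorted timestamps
            in_window = [t for t in times[i:] if t - start <= WINDOW_SECONDS]
            if len(in_window) >= RENAME_THRESHOLD:
                alerts.append({"rule": "mass_rename_to_ransom_ext", "pid": pid, "count": len(in_window)})
                break
    return alerts


def detect_shadow_copy_deletion(events):
    """Alert on any process whose command line deletes VSS shadow copies."""
    alerts = []
    for e in events:
        if e["type"] == "process":
            cmd = e["cmdline"].lower()
            if all(tok in cmd for tok in VSS_DELETE_TOKENS):
                alerts.append({"rule": "shadow_copy_deletion", "pid": e["pid"], "cmdline": e["cmdline"]})
    return alerts


def run_detections(events):
    return detect_mass_rename(events) + detect_shadow_copy_deletion(events)


# Constructed sample telemetry (timestamps in seconds).  pid 4321 plays the ransomware:
# six data files renamed in the user's Documents folder, then shadow copies deleted.
DOCS = r"C:\Users\alice\Documents"
SAMPLE_EVENTS = [
    {"ts": 0, "type": "process", "pid": 4321, "cmdline": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"ts": 1, "type": "rename", "pid": 4321, "src": DOCS + r"\q3.xls", "dst": DOCS + r"\q3.xls.encrypted"},
    {"ts": 2, "type": "rename", "pid": 4321, "src": DOCS + r"\lease.pdf", "dst": DOCS + r"\lease.pdf.encrypted"},
    {"ts": 3, "type": "rename", "pid": 4321, "src": DOCS + r"\photo.jpg", "dst": DOCS + r"\photo.jpg.encrypted"},
    {"ts": 4, "type": "rename", "pid": 4321, "src": DOCS + r"\notes.doc", "dst": DOCS + r"\notes.doc.encrypted"},
    {"ts": 5, "type": "rename", "pid": 4321, "src": DOCS + r"\tenants.csv", "dst": DOCS + r"\tenants.csv.encrypted"},
    {"ts": 6, "type": "rename", "pid": 4321, "src": DOCS + r"\backup.zip", "dst": DOCS + r"\backup.zip.encrypted"},
    # benign activity: a user renames a spreadsheet, and one file in a skipped directory changes
    {"ts": 7, "type": "rename", "pid": 900, "src": DOCS + r"\budget.xls", "dst": DOCS + r"\budget_old.xls"},
    {"ts": 7, "type": "rename", "pid": 777, "src": r"C:\Windows\Temp\cache.doc", "dst": r"C:\Windows\Temp\cache.doc.locked"},
    {"ts": 8, "type": "process", "pid": 4321, "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"ts": 9, "type": "process", "pid": 1200, "cmdline": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

Two design points worth noting for anyone turning this into a SIEM rule. First, the rename detector keys on the process that performed the renames, not on the user, because ransomware runs under the victim's account and the user's own renames (pid 900 above) must not trip it. Second, the shadow-copy rule matches on tokens rather than an exact string, since the same deletion can be spelled with different switches and casing; in production this alert should be high severity on its own, because legitimate administration rarely deletes all shadow copies quietly.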