How to Minimize Cyberattack Damage
Presented by:
Jeffrey Ziplow – Partner
David Nowacki - Manager
Five-Part Cybersecurity Webinar Series
WannaCry – spreads around the world!!
Equifax – Apache not Patched
[Figure: timeline of ransomware families from 2005 through Q1 2016 (axis: 2005, 2012, 2013, then 2014, 2015 and 2016 by quarter). Families plotted include Gpcoder, Reveton, Kovter, Cryptowall, CTB-Locker, TorrentLocker, TeslaCrypt, Hidden Tear, Ransom32, Locky, KeRanger and Hydracrypt, among others.]
» The World Economic Forum classifies cybercrime as a “Top Global Risk”.
» 85% of business assets are in digital form
» 68% of funds lost in a breach are declared unrecoverable
» Small businesses are a target.
» Easy target for cybercriminals.
» Systems as a secret doorway into their corporate partners’ networks.
» Experience a higher proportion of cybercrime costs
» Experience the disruptive effects of data breaches both immediately and in the long term
» Any device connected to the Internet can be hacked.
» Devices offer hackers quick access to businesses’ data through unsecured Wi-Fi networks
» Compromise IoT devices and turn them into “bots” for use in future attacks
» Adequate security protocols do not yet exist
» Over 75% of all cyberattacks target known vulnerabilities
» Lack of updating (patching) software and O/S
» Lack of password length, rotation and/or complexity
» Missing anti-virus/spyware updates or software not working
» Inadvertent actors responding to phishing emails
» Inability to identify ransomware before attack
» Lack of employee training and/or user education
» System alerts and logs are not monitored
Remediate – Critical Security Controls
• Conduct a data inventory assessment
• What kind of personal, confidential and/or restricted data does your business have?
• How is that data handled and protected? Who has access to that data?
• Is the data encrypted in transit and at rest?
• Confirm documented policies and procedures
• Do employees recognize importance of data security protocols?
• Control (and monitor) employee access to sensitive data
• Follow a “least privilege” access model
• Evaluate your vendor contracts
• Validate their commitments to protecting your data
• Confirm documented policies & procedures
• Written Information Security Program (WISP)
• Documents policies & procedures for securing and protecting the network
• Patching and Vulnerability Management
• Password and User Policies
• Configuration Management / Device & Software Hardening
• Perimeter Security, Incident Detection, Data Leakage Prevention
• Provides policies for accessing, collecting, storing, using, transmitting and protecting personal information
• New hire and Termination process/program
• Disaster Recovery/Business Continuity
• Bring Your Own Device (BYOD)
• Incident Response Plan
NIST – National Cyber Security Framework – Self Assessment
Layered Security Framework (Access Management across all layers)
• Perimeter: Firewall, VPN, Encryption, Access Control
• Network: Intrusion Detection, Intrusion Prevention, Vulnerability Assessment, Access Control
• Host: Virus Protection, Vulnerability Assessment, Access Control
• Application: Input Validation, Host IDS, Vulnerability Assessment, Access Control
• Data: Encryption, Access Control
Core Objectives
• Develop and demonstrate foundational-level knowledge of cybersecurity
• Confirm understanding of policies and procedures
• Employ best practices to protect privacy and data
• Identify and report potential cybersecurity and privacy incidents promptly
• Recognize common threats:
• Phishing
• Business Email Compromise
• Insecure Browsing
• Data Leakage
Preparation
Identification
Containment
Eradication
Recovery
• Document security policy & incident handling procedures
• Build a team
• Confirm contact information & security channels
• Who needs to be contacted (Attorney, AG office)
• Proactive Monitoring
• Alert Log Retention
• Vulnerability Monitoring
• Incident prevention
• Perform risk assessment
• Patch management
» Demonstrate proactive support for cybersecurity
» Roadmap to Improve Security Programs and Practices
» Create a culture of cyber security
» Emphasize its importance (tone at the top)
» Resource it appropriately (budget and people)
» Chat regularly with your CISO
» Discuss the organization’s current security posture, threats and risks, and needs
» Leverage Consultants and Advisors
» Follow processes and security safeguards
» Perform a vulnerability assessment
» Layer security protocols
» Train employees
Jeffrey Ziplow – MBA, CISA, CGEIT
Partner
BlumShapiro
860.561.6815
David Nowacki–CISA, CIA
Manager
BlumShapiro
860.561.6811