Am I Too Small To Be A Target? Cybersecurity Issues for Small Businesses
Your Speaker – Bob Weiss MCSE, A+, CEH • Senior Cybersecurity Engineer at CIT • Certified Ethical Hacker – 2013 • Cybersecurity Blogger @ wyzguyscybersecurity.com and cit-net.com/tech-talk/
CIT Cybersecurity Services • Cybersecurity Awareness Training • Security Audits • Vulnerability Assessments • Penetration Testing • Computer Forensics • Incident Response
Agenda • Typical Exploits • Cost of Cybercrime • Examples of SMB Crimes • Legal Issues • Compliance Issues – PCI/DSS – HIPAA – GLBA • Cybersecurity Preparedness • Incident Response Plan • Training • Passwords • Email • Banking • Encryption
What’s happening out there?
Plan for the attack • You will be hacked (if you haven’t been already) • You may not know when it happens. • You may be informed by your customer, credit card processor or government regulator • You may be fined • You may be sued • You may end up in the news
Typical Exploits • Phishing for user passwords or remote access • Hijacking a computer to use in a bot-net • Spamming to sell illegal or fraudulent products • Stealing intellectual property • Thefts from online bank and financial accounts
Typical Exploits • Distribution of malware to other computers • Posting confidential information on the Internet • Holding critical information for ransom • Attacking critical network infrastructure to disrupt operations
Typical Exploits • Theft of data – all data has value! – User credentials – Employee data – Customer data – Patient data – Financial data – Proprietary information
Other Cyber Security Issues • Politically Motivated Attacks and Hacktivism – Anonymous, Lulz Sec • Cyber-Warfare – Stuxnet and Flame – Ukrainian electric utilities • Government Sponsored Cyber Spying – NSA – China
Top Two Attack Vectors • Email – Clickable Links and Attachments – Phishing and Spear-phishing • Web Sites – Malware distributed by compromised legitimate sites. – Spoofed or cloned sites – Search redirection malware
Cost of Cyber-crime • Average annual loss per employee - $1500 • In 2015, $400 billion in losses worldwide • 96% of small businesses unprepared for cyber attack (Ernst and Young 2013 Survey)
Small Business Targets
Small Businesses in crosshairs • SMBs targeted by cyber-criminals • More money in the bank than individuals • Less security than larger enterprise businesses. • Employees have little or no training about cyber security. • Easy to exploit
NC Fuel Company Loses $800K • 15 employee fuel distribution company. • Monthly payroll of $60,000 • Thieves gained access to bank account using compromised password • Bank had recently made changes to its security process to make online banking “easier.” • Insurance only covered a portion of the loss.
CA Escrow Company Loses $1.5M • 9 person company • 3 electronic transfers of about $500k each • One in Dec 2012 and two in Jan 2013 • Bank provided two factor authentication, but it wasn’t working at the time. • Although this company had never transferred funds overseas, bank did not question large transfers – even after the first was reported! • Company in receivership.
Construction Company Loses $500K • $447,000 was stolen from Ferma, a California construction company. • A banking Trojan such as Zeus was downloaded from a web site. • A Ferma employee logged into the bank's online financial web portal. • After authentication was confirmed, the employee began making legitimate payments. • At the same time, the Zeus Trojan made 27 fund transfers totaling $447,000 to various bank accounts.
HVAC Vendor Opens Door For Target Xmas Attack • Fazio Mechanical, a small HVAC contractor to Target • Phishing email installed password-stealing malware • Target network credentials stolen • Over 17 days between Thanksgiving and Dec 15, cyber-thieves accessed Target’s POS system and collected credit card transaction information on 40 million customers.
Slovenian Gang Targets Small Business • Spoofed email sent looking like it came from a bank or a tax authority, warning of late payment. • Clicking on the link in the email installed a remote access Trojan horse program • Thieves watched the computer for online banking activity. • Withdrawals timed to occur on Friday or before a holiday • Group netted $2.5 million.
Regulatory Compliance and Legal Issues
Legal Issues • Regulatory fines • Civil suits • Cyber insurance may not cover “willful negligence” • Cybersecurity or computer use policy • Incident Response Plan
PCI/DSS • Payment Card Industry Data Security Standard v3.1 – Build and maintain a secure network – Protect cardholder data – Maintain a vulnerability management program – Implement strong access control measures – Regularly monitor and test networks – Maintain an information security policy
PCI/DSS Penalties • Non-compliant companies can be fined $5000 to $100,000 per month • $50-$90 per cardholder record compromised • Brand and reputation damage • Civil litigation
HIPAA • Health Insurance Portability and Accountability Act • Regulates patient information – Access – who can read it – Transmission – how data is transferred from location to location – Storage – how and where data is stored • Business Associate – CIT employees need to be trained and certified if they have contact with patient information
HIPAA Violation Penalties • Accidental - $100 per violation – annual max $25,000 • For cause - $1000 per violation – annual max $100,000 • Willful neglect - $10,000 per violation – annual max $250,000 • Uncorrected willful neglect - $50,000 per violation – annual max $1.5 million
GLBA • Gramm-Leach-Bliley Act • Financial Privacy Rule – Consumers need to be informed how their information is used and may opt out of information sharing • Safeguards Rule – Consumer information security plan and implementation • Pretexting Provisions – Systems and training to defeat social engineering
GLBA Penalties • The penalties for violating the GLBA are quite severe: – A financial institution can be fined up to $100,000 for each violation – The officers and directors can be fined up to $10,000 for each violation – Criminal penalties include imprisonment for up to 5 years, a fine, or both – If the GLBA is violated at the same time that another federal law is violated, or if the GLBA is violated as part of a pattern of any illegal activity involving more than $100,000 within a 12-month period, the violator's fine will be doubled and he or she will be imprisoned for up to 10 years
Policy Considerations
Cybersecurity Preparedness • Patch • Backup • Keep antimalware software updated • Enforce good password policy • Use two factor authentication when possible • Create alertness through training and events
Incident Response Plan – Before the Breach • Plan to be attacked • Know who is in charge • Have a cybersecurity expert on retainer • Review insurance coverage • Review legal requirements and exposure • Plan for a media response
Incident Response Plan – After the Breach • Find out what happened – review your logs • Remove affected devices from the network • Save affected devices for forensics – do not wipe drives! • Report to the police and the Internet Crime Complaint Center (IC3) • Responding to media – be brief but truthful
Creating a More Secure Environment
Train Your Staff • Train your employees in the fundamentals of cybersecurity. • Create a data practices policy for your employees. • Even the most sophisticated security defenses cannot prevent a malware breach that is permitted when an employee clicks on a malicious link in an email.
The Basics • Internet security software on every computer • Hardware firewall – blocks attacks from outside • Intrusion Detection System (IDS) – detects attack traffic both outside and inside the network • Security Information and Event Management (SIEM) – provides real-time analysis of security alerts generated by network hardware and applications
Password policy • 10 characters or longer – 8 character passwords can be cracked in under 12 hours – 10 character passwords take several centuries. • No dictionary words in any language • Use complexity rules, at least one from each group – UPPER CASE – lower case – Num63r5 – $ym%o!s (_ - ! @ # $ % & *)
Advanced Password policy • Character substitution (p@5$w0#d) • Use a passphrase (e.g. @mBwu10cPW! = “at my business we use 10 character passwords”) • Use two-factor authentication when available • Check password strength at Passfault (passfault.com) • Nothing will matter if you lose your plain-text password to a keylogger or phishing exploit
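The two password slides above give a policy (10+ characters, one character from each group, no dictionary words) and a claim about cracking time that follows from keyspace size. The script below is an added example, not the speaker's code or a Passfault implementation: it checks a candidate against the slide's rules and computes how many candidates of a given length exist, so the jump from 8 to 10 characters can be seen as a fixed multiplier of attacker work. The mini word list, the symbol set (all ASCII punctuation) and the guess rate used in the demonstration are constructed assumptions, not figures from the presentation; real cracking times depend on the attacker's hardware and on how the password was hashed.

```python
import string
from typing import List

MIN_LENGTH = 10

# Character groups from the slide's complexity rule: one of each is required.
# Assumption: any ASCII punctuation character counts as a symbol.
GROUPS = {
    "upper case": set(string.ascii_uppercase),
    "lower case": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

# Constructed stand-in for a real multi-language dictionary.
DICTIONARY = {"password", "business", "welcome", "summer", "company", "letmein"}


def check_password(candidate: str) -> List[str]:
    """Return the policy rules the candidate violates; an empty list means it passes."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    chars = set(candidate)
    for name, group in GROUPS.items():
        if not chars & group:
            failures.append(f"no {name} character")
    lowered = candidate.lower()
    for word in sorted(DICTIONARY):
        if word in lowered:
            failures.append(f"contains dictionary word '{word}'")
    return failures


def keyspace(length: int, alphabet_size: int = 95) -> int:
    """Number of distinct passwords of exactly `length` printable-ASCII characters."""
    return alphabet_size ** length


def seconds_to_exhaust(length: int, guesses_per_second: float, alphabet_size: int = 95) -> float:
    """Worst-case time to try every password of the given length at a fixed guess rate."""
    return keyspace(length, alphabet_size) / guesses_per_second


if __name__ == "__main__":
    for pw in ["Password2024!", "@mBwu10cPW!", "summer"]:
        print(pw, "->", check_password(pw) or "passes policy")
    RATE = 1e10  # assumed offline guess rate for illustration only
    for n in (8, 10):
        days = seconds_to_exhaust(n, RATE) / 86400
        print(f"{n} chars: {keyspace(n):.3g} candidates, about {days:,.0f} days at {RATE:.0e} guesses/s")
    print("extra work for 10 vs 8 characters:", keyspace(10) // keyspace(8), "x")
```

Whatever rate an attacker achieves, going from 8 to 10 characters over a 95-character alphabet multiplies the search by 95 squared (9,025), which is the arithmetic behind the slide's "hours versus centuries" comparison. The dictionary check is a substring match on the lower-cased password, so "Password2024!" is rejected even though it satisfies every complexity rule.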