CYBERSECURITY: ARE YOU PREPARED FOR WHAT'S NEXT?
January 23, 2018

Combating Cyber Threats
Cyber Security Seminar, January 23, 2018
Dan Desko and Eric Wright
Eric Wright, Technology Advisors Shareholder
• CPA (Certified Public Accountant)
• CITP (Certified Information Technology Professional)
• Started my career at Schneider Downs in 1983
• IT Audit Chair for PICPA
• Experience in delivering IT Audit, IT Security Services, Penetration Testing and Vendor Risk Management services to a variety of industries, including dealers
• Responsible for product delivery, client satisfaction and quality control
• BS Degree in Computer Science and Mathematics from Waynesburg College

Dan Desko, Senior Manager, IT Risk Advisory Services at Schneider Downs
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CTPRP (Certified Third Party Risk Professional)
• 14 years of experience, began career working in IT
• Current Outgoing ISACA Pittsburgh Chapter President
• Experience in delivering IT Audit, IT Security Services, Penetration Testing and Vendor Risk Management services to a variety of industries
• Responsible for product delivery, client satisfaction and quality control
Agenda
• Current State of Cybersecurity
• Examples of Cyberfraud
• 10 Must-Ask Cybersecurity Questions
• Q&A

State of Cybersecurity
The following slides are highlights of the 2017 Verizon Data Breach Incident Report (DBIR).
State of Cybersecurity
• The important thing to note on this slide is that the majority of breaches occur in one of two ways:
  1. Human error
  2. Outside hackers
• Bonus: a combination of the two!
• The other important takeaway is that the attackers are organized criminal groups; they're run like businesses.

State of Cybersecurity
• Contrary to common belief, not all hacks involve a virus/malware. 51% of breaches involved malware; what were the other 49%?
  – Stolen user credentials
  – User error
  – Physical access
  – Incorrect privileges
State of Cybersecurity
• A large mass of breaches occur through some sort of email attack such as phishing.
  – Firewall technology has come a long way; humans are now the weakest link in your security.
  – Traditional AV alone isn't great at spotting malware.
• A very large majority of the breaches were financially motivated.
• A good number of breaches were not discovered by the breached entity, but rather by a third party: a nightmare PR scenario.

State of Cybersecurity (chart slide; figure not reproduced)
State of Cybersecurity
• Phishing deservedly warrants some additional attention.
  – It was found in over 90% of all incidents and breaches.
  – Once phished, a number of things can occur:
    • Installation of software (e.g., ransomware, command and control systems, etc.)
    • Influencing disclosure of sensitive data (e.g., Business Email Compromise)
    • Using the compromised computer or accounts as a foothold and pivot to other, more interesting systems
    • Using a compromised email account to then phish internally

State of Cybersecurity
• According to a report from Osterman Research conducted in June among more than 1,000 small and medium businesses, about 22% of businesses with fewer than 1,000 employees that experienced a ransomware attack in the last year had to stop business operations immediately. About 15% lost revenue.
State of Cybersecurity (photos from KrebsOnSecurity.com; figures not reproduced)
Examples of Cyberfraud
• A large local business with operations all over the United States had multiple employee email accounts phished.
• The hackers began to study the company's operations.
• They created a new look-alike domain and email accounts with real employees' names.
• They began sending real invoices with doctored payment instructions to actual clients.
• Other accounts were used to phish additional employees and other business partners.
• Rinse and repeat….

Examples of Cyberfraud
• A medium-sized business had multiple workstations and file servers locked by ransomware.
• Operations slowed to a crawl for nearly a week.
• The organization did not have a good backup strategy and was forced to pay the ransom.
Examples of Cyberfraud
• A medium-sized local business discovered Bitcoin mining software on a number of their servers after weeks of performance issues and failures.
• Cyber thieves in this case stole company resources (electricity and CPU power) to enhance their Bitcoin operations.

Examples of Cyberfraud
• A medium-sized, geographically disparate business with field operations had internet hotspots compromised and used to send bulk spam.
• They did not realize it until they received data bills of $30k plus per location.
Examples of Cyberfraud (photo courtesy FBI.gov; figure not reproduced)
Question One
How well do you know your IT environment?
  – Accurate inventory of devices
  – Accurate inventory of software
  – Accurate inventory of Internet-facing systems

Question Two
What data do the hackers want and where does it live?
• Look at not only structured data, but unstructured data as well (e.g., spreadsheets, user reports, downloads from ERP or CRM systems).
• What data lives in your employees' email accounts?
Question Three
If you have identified critical systems and data, how do you further protect access to them?
• Do you require complex passwords?
• Do you require two-factor authentication to critical systems and the network?
  – Email
  – VPN
  – ERP
  – CRM

Question Four
Are your employees susceptible to being phished?
• Statistics show the answer is likely "yes".
• Have you tested/trained them?
• What technical controls have you put in place to stop it?
  – e.g., Advanced Email Protection
Question Five
If phishing succeeds, do you have additional protection methods?
• Advanced endpoint protection complements traditional anti-virus
• Encryption of data
• Whitelisting of allowed applications

Question Six
Does your IT staff concentrate more on security or operations?
• Management often believes their IT staff focuses on security more than they actively do in reality.
• The reality is that security and IT operations often conflict with each other.
• Having an independent security group or security consulting partner helps bridge the gap.
Question Seven
Do you know where you are vulnerable?
• A large number of breaches take advantage of unpatched operating systems and application software.
  – e.g., the Equifax breach leveraged a vulnerability in the Apache Struts software toolkit.
• How often does your IT team patch systems and software?
• Have you run vulnerability scans to test the effectiveness of the patching process?
• Do not forget your mobile devices.

Question Eight
Have you simulated an external attack to determine how secure/vulnerable you really are?
• Penetration tests or ethical hacking exercises are valuable because they help identify issues before the bad guys do.
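Question One asks for an accurate inventory and Question Seven asks whether patching actually keeps up; the two checks below are the simplest way to turn both questions into something measurable. This is an added example written for this page, not material from the seminar or from Schneider Downs: it reconciles a recorded device inventory against the hosts actually observed on the network, then compares installed software versions against a minimum patched baseline. Every host name, product name and version number in it is constructed sample data, and the baseline table stands in for whatever patch-level data a real vulnerability scanner or patch tool would supply.

```python
"""Reconcile an asset inventory against observed hosts, and flag software
below a patch baseline. Added example, not from the seminar deck; all hosts,
products and version numbers are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class InstalledPackage:
    host: str
    product: str
    version: str


def parse_version(v: str) -> tuple:
    """Turn '2.3.32' into (2, 3, 32) so versions compare numerically,
    not as strings ('2.10' must sort after '2.9')."""
    return tuple(int(part) for part in v.split("."))


def find_unknown_hosts(inventory: set, observed: set) -> set:
    """Devices seen on the network that the inventory does not know about.
    Anything here is unmanaged and almost certainly unpatched."""
    return observed - inventory


def find_missing_hosts(inventory: set, observed: set) -> set:
    """Inventoried devices that were not seen: retired, offline, or mis-recorded.
    Either way the inventory is stale and needs correcting."""
    return inventory - observed


def find_unpatched(installed, baseline: dict) -> list:
    """Return (host, product, installed_version, required_version) for every
    package whose version is below the minimum patched version in `baseline`.
    Products with no baseline entry are skipped: nothing to compare against."""
    gaps = []
    for pkg in installed:
        required = baseline.get(pkg.product)
        if required is None:
            continue
        if parse_version(pkg.version) < parse_version(required):
            gaps.append((pkg.host, pkg.product, pkg.version, required))
    return sorted(gaps)


# Constructed sample data (assumed for this example, not from the deck).
INVENTORY = {"fs01", "erp01", "web01", "ws-042"}
OBSERVED = {"fs01", "erp01", "web01", "ws-042", "ws-117"}  # ws-117 is not in the CMDB
INSTALLED = [
    InstalledPackage("web01", "webframework", "2.3.31"),
    InstalledPackage("erp01", "webframework", "2.5.13"),
    InstalledPackage("fs01", "officesuite", "16.0.4"),
    InstalledPackage("ws-042", "officesuite", "16.0.10"),
]
# Minimum versions considered patched (constructed; a real baseline would come
# from the vendor advisories or the scanner's plugin feed).
BASELINE = {"webframework": "2.3.32", "officesuite": "16.0.10"}


if __name__ == "__main__":
    print("unknown hosts:", find_unknown_hosts(INVENTORY, OBSERVED))
    print("missing hosts:", find_missing_hosts(INVENTORY, OBSERVED))
    for gap in find_unpatched(INSTALLED, BASELINE):
        print("unpatched:", gap)
```

Run as a script it reports the one host the inventory does not know about and the two installations that sit below the baseline. The numeric version comparison is the detail worth keeping: version strings compared as text put "2.10" before "2.9", which quietly hides exactly the kind of missed patch Question Seven is about.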
Question Nine
How prepared are you for a breach?
• It's not a matter of "if," but "when".
• Having a solid incident response plan that is tested may not prevent a breach, but will surely limit the impact.
• Practice common scenarios (e.g., phishing, ransomware, Business Email Compromise, etc.).

Question Ten
Have you adopted and assessed yourself against a standard security framework?
• Allows for continuous improvement
• Sets a road map for long-term information security success