Cybersecurity Update It’s More Than Technology People: Your First Line of Defense Incident Response
Overview
• Types of data in your environment and why it is important.
• Trending threats.
• Minimizing risks through layers of defense: People, Policies and Technology.
Data You Control
Personally Identifiable Information (PII)
– Data that could potentially identify a specific individual.
– Info that could distinguish one person from another.
• Family Information (Spouse, Children)
• General Ledger Details
• Income Tax Returns
• Insurance Policy Numbers
• Loan Information (Acct # & Balance)
• Account Numbers (Bank & Credit Card)
• Name, Address, Phone, Date of Birth
• Accounts Payable/Receivable Information
• Organizational Documents
• Bank Routing Numbers
• Passport Information
• Client Login & Password Information
• Social Security Number (SSN)
• Client Payroll Information
• Tax Identification Number
• Copies of Bank Statements
Data Breaches World’s Biggest Data Breaches & Hacks
US Breach Summary
• 1 Jan 2005 – 31 Dec 2018 [1]
– Total breaches = 9,084
– Records exposed = 1,099,019,895
[1] http://www.idtheftcenter.org/Data-Breaches/data-breaches
Financial and Insurance All Sectors
Avenues of Attack
• Basic cyber hygiene (it’s like common sense)
– Unpatched known vulnerabilities cause 44 percent of breaches…2 to 4 years old
• Configurations, Ports & Protocols
– Public facing when it should be behind a firewall
– Unused ports should be closed
– Remote access should be limited and secure (VPN)
• User credentials
– Passwords: need to be complex and changed often
– Use multi-factor authentication
• User behavior
– Education & Awareness
• StopThinkConnect.org
• LockDownYourLogin.com
– Prepare for phishing, pretexting & scams
– App “Terms of Service”
Motives for Attacks 2017 Verizon DBIR
The Market for Stolen Account Credentials
First Seven Months of 2017
• Botmaster sold approximately 35,000 credential pairs via the ‘Carder’s Paradise’ market
• Earned $288,609.25
• Average of $8.19 for each credential sold through the service.
https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/
Dark Web Accounts Price List
Account                 Price
Verizon Wireless.com    $12
Airbnb.com              $15
Ebay.com                $10
Fido.ca                 $20
Chase.com               $25
Citibank                $25
Navyfederal.org         $60
Target.com              $10
Wellsfargo.com          $25
Rbroyalbank.com         $65
BB&T.com                $25
TDBank.com              $25
Ally.com                $25
Criminals can specify the financial institution when purchasing usernames and passwords. If what they want is not available, they can place an “order” for a credential set.
What is working for criminals? Verizon DBIR 2018
5 Common Attack Methods
People: Your First Line of Defense
• PHISHING
• PRETEXTING
• FACILITY ACCESS
• ENTICEMENT
• DUMPSTER DIVING
People Policies Technology
Employees are your first line of defense.
Multi-Factor Authentication
Remain Vigilant First Line of Defense – People! Users Make or Break Information Security. Recognize and question changes in systems.
Incident Response Incident response is a process, not an isolated event. In order for incident response to be successful, teams should take a coordinated and organized approach to any incident.
Digital Forensics
• Recovering and investigating material found in digital devices
• Understanding what happened
• Determining the extent of the breach
Response Team Representation
• Executive Management
• IT Department
• IT Vendors
• Information Security
• Legal
• Human Resources
Incident Response Plan
• Should be separate from DR/BC or other plans
• Define roles and responsibilities
• Establish common process
• Categorize incident severity
• Requires training for team members
Incident Response
• Must be led by an experienced incident manager
• Communications are essential
• Pre-determined actions, locations, budgets, etc. are crucial
• Do Not Jump To Conclusions!
Incident Response Steps
• Detection
• Response
• Reporting
• Recovery
• Remediation
DETECTION
• Recognize the threat
• Determine root cause
• Identify possible solutions
• Communicate with stakeholders
One test per year
A Smarter Way to Security
• Places responsibilities of log management into the expert hands of security analysts and consultants.
• Eliminates costly capital investment of traditional SIEM operations.
Detection Tool - Managed SIEM (Security Information and Event Management)
• 24x7 Alerting
• Reporting
• Real-time Analysis
Financial Institution Recommendations Source: Verizon 2018 Data Breach Investigation Report
Responding to a Data Breach
Action Items
– Contact Cybersecurity firm to Begin Your Investigation
• Experienced consultants will help guide your steps both during and after the incident.
– Contact an Attorney
• As part of our response services, Pratum can guide you to an attorney experienced in data breaches.
– Contact Your Insurance Agent
• Keep your insurance agent informed when dealing with a breach.
Summary
• Having a plan to address an incident before it happens is invaluable.
• Assigning an incident manager will help reduce confusion and decrease time and money spent during incident response.
• Overreaction and assumptions will be costly.
Q&A Todd.Robran@Pratum.com www.Pratum.com
References
• World’s Biggest Data Breaches & Hacks
– http://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
• Use A Passphrase
– http://www.useapassphrase.com/
• The Market for Stolen Credentials
– https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/
• ‘;-- have I been pwned?
– https://haveibeenpwned.com/
• FFIEC Cybersecurity Assessment Tool User’s Guide
– https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017.pdf
• FFIEC Cybersecurity Assessment Tool Frequently Asked Questions
– https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT%20FAQs.pdf
• FFIEC CAT Overview for CEOs and Boards of Directors
– https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_CEO_Board_Overview_June_2015_PDF1.pdf
• FSSCC Automated Cybersecurity Assessment Tool V2
– https://www.fsscc.org/files/galleries/FSSCC_ACAT_v2_1.xlsx (updated post to web 12 Jun 2018)
• FFIEC Cyber Attacks Involving Extortion Joint Statement
– https://www.ffiec.gov/press/PDF/FFIEC%20Joint%20Statement%20Cyber%20Attacks%20Involving%20Extortion.pdf
• Verizon Data Breach Investigations Report
– https://www.verizonenterprise.com/verizon-insights-lab/dbir/
– 2018 Report: https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf
• Verizon Data Breach Digest
– http://www.verizonenterprise.com/verizon-insights-lab/data-breach-digest/2017/