
Cybersecurity Update: It's More Than Technology. People: Your First - PowerPoint PPT Presentation

Cybersecurity Update: It's More Than Technology. People: Your First Line of Defense. Incident Response. Overview: Types of data in your environment and why it is important. Trending threats. Minimizing risks through layers of defense:


  1. Cybersecurity Update: It’s More Than Technology • People: Your First Line of Defense • Incident Response

  2. Overview • Types of data in your environment and why it is important. • Trending threats. • Minimizing risks through layers of defense: People, Policies and Technology.

  3. Data You Control • Personally Identifiable Information (PII) – Data that could potentially identify a specific individual. – Info that could distinguish one person from another. • Family Information (Spouse, Children) • General Ledger Details • Income Tax Returns • Insurance Policy Numbers • Loan Information (Acct # & Balance) • Account Numbers (Bank & Credit Card) • Name, Address, Phone, Date of Birth • Accounts Payable/Receivable Information • Organizational Documents • Bank Routing Numbers • Passport Information • Client Login & Password Information • Social Security Number (SSN) • Client Payroll Information • Tax Identification Number • Copies of Bank Statements

  4. Data Breaches • World’s Biggest Data Breaches & Hacks

  5. US Breach Summary • 1 Jan 2005 – 31 Dec 2018 [1] – Total breaches = 9,084 – Records exposed = 1,099,019,895 • [1] http://www.idtheftcenter.org/Data-Breaches/data-breaches

  6. Financial and Insurance • All Sectors

  7. Avenues of Attack • Basic cyber hygiene (it’s like common sense) – Unpatched known vulnerabilities cause 44 percent of breaches…2 to 4 years old • Configurations, Ports & Protocols – Public facing when it should be behind a firewall – Unused ports should be closed – Remote access should be limited and secured (VPN) • User credentials – Passwords: need to be complex and changed often – Use multi-factor authentication • User behavior – Education & Awareness • StopThinkConnect.org • LockDownYourLogin.com – Prepare for phishing, pretexting & scams – App “Terms of Service”

  8. Motives for Attacks (2017 Verizon DBIR)

  9. The Market for Stolen Account Credentials: First Seven Months of 2017 • Botmaster sold approximately 35,000 credential pairs via the ‘Carder’s Paradise’ market • Earned $288,609.25 • Average of $8.19 for each credential sold through the service. • Source: https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/

  10. Dark Web Accounts Price List (Account: Price) • Verizon Wireless.com: $12 • Airbnb.com: $15 • Ebay.com: $10 • Fido.ca: $20 • Chase.com: $25 • Citibank: $25 • Navyfederal.org: $60 • Target.com: $10 • Wellsfargo.com: $25 • Rbroyalbank.com: $65 • BB&T.com: $25 • TDBank.com: $25 • Ally.com: $25 • Criminals can specify the financial institution when purchasing usernames and passwords. If what they want is not available, they can place an “order” for a credential set.

  11. What is working for criminals? (Verizon DBIR 2018)

  12. 5 Common Attack Methods (People: Your First Line of Defense) • PHISHING • PRETEXTING • FACILITY ACCESS • ENTICEMENT • DUMPSTER DIVING

  13. People • Policies • Technology

  14. Employees are your first line of defense.

  15. Multi-Factor Authentication

  16. Remain Vigilant • First Line of Defense – People! • Users Make or Break Information Security. • Recognize and question changes in systems.

  17. Incident Response • Incident response is a process, not an isolated event. • In order for incident response to be successful, teams should take a coordinated and organized approach to any incident.

  18. Digital Forensics • Recovering and investigating material found in digital devices • Understanding what happened • Determining the extent of the breach

  19. Response Team Representation • Executive Management • IT Department • IT Vendors • Information Security • Legal • Human Resources

  20. Incident Response Plan • Should be separate from DR/BC or other plans • Define roles and responsibilities • Establish common process • Categorize incident severity • Requires training for team members

  21. Incident Response • Must be led by an experienced incident manager • Communications are essential • Pre-determined actions, locations, budgets, etc. are crucial • Do Not Jump To Conclusions!

  22. Incident Response Steps • Detection • Response • Reporting • Recovery • Remediation

  23. DETECTION • Recognize the threat • Determine root cause • Identify possible solutions • Communicate with stakeholders

  24. Detection Tool - Managed SIEM (Security Information and Event Management) • A Smarter Way to Security • Places responsibilities of log management into the expert hands of security analysts and consultants. • Eliminates costly capital investment of traditional SIEM operations. • 24x7 Alerting • Reporting • Real-time Analysis • One test per year

  25. Financial Institution Recommendations (Source: Verizon 2018 Data Breach Investigation Report)

  26. Responding to a Data Breach: Action Items – Contact a Cybersecurity Firm to Begin Your Investigation • Experienced consultants will help guide your steps both during and after the incident. – Contact an Attorney • As part of our response services, Pratum can guide you to an attorney experienced in data breaches. – Contact Your Insurance Agent • Keep your insurance agent informed when dealing with a breach.

  27. Summary • Having a plan to address an incident before it happens is invaluable. • Assigning an incident manager will help reduce confusion and decrease time and money spent during incident response. • Overreaction and assumptions will be costly.

  28. Q&A • Todd.Robran@Pratum.com • www.Pratum.com

  29. References • World’s Biggest Data Breaches & Hacks – http://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ • Use A Passphrase – http://www.useapassphrase.com/ • The Market for Stolen Credentials – https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/ • ‘;-- have I been pwned? – https://haveibeenpwned.com/ • FFIEC Cybersecurity Assessment Tool User’s Guide – https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017.pdf • FFIEC Cybersecurity Assessment Tool Frequently Asked Questions – https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT%20FAQs.pdf • FFIEC CAT Overview for CEOs and Boards of Directors – https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_CEO_Board_Overview_June_2015_PDF1.pdf • FSSCC Automated Cybersecurity Assessment Tool V2 – https://www.fsscc.org/files/galleries/FSSCC_ACAT_v2_1.xlsx (updated post to web 12 Jun 2018) • FFIEC Cyber Attacks Involving Extortion Joint Statement – https://www.ffiec.gov/press/PDF/FFIEC%20Joint%20Statement%20Cyber%20Attacks%20Involving%20Extortion.pdf • Verizon Data Breach Investigations Report – https://www.verizonenterprise.com/verizon-insights-lab/dbir/ – 2018 Report: https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf – Verizon Data Breach Digest: http://www.verizonenterprise.com/verizon-insights-lab/data-breach-digest/2017/
