Cybersecurity 101: wphfma.org/wp-content/uploads/2016/04/250-pm-stone.pdf

Post on 15-Aug-2020


Cybersecurity 101

Scott Stone, MACS

• IT Partner and CIO for ACT
• 25 Years in the Industry
• Cyber Threat Analyst – From NCFTA
• Trained Ethical Hacker – EC Council
• Certified in:
  • Network Security
  • Emergency Response Planning
  • Cisco, Sophos, Linux, Novell, etc.

Topics to be Covered

• IT Security Trends
• Phishing / Ransomware
• Protecting Your Organization
  • Patching
  • Firewalls
  • Antivirus / AntiMalware
  • Backups
  • Pen Tests / Vulnerability Scans
  • Mobile Devices
  • Other Security Items
  • Policies and Procedures
  • Passwords / Managers / Two-Factor Authentication

Breached Records – First Half of 2015 (chart slide)

Breached Records – First Half of 2016 (chart slide)

Breached Records – First Half of 2017 (chart slide)

Breached Records – First Half of 2018 (chart slide)

2017 Breaches by Industry (chart slide)

2018 Breaches by Industry (chart slide)

Breach Incidents by Type – 2017 (chart slide)

Breach Incidents by Type – 2018 (chart slide)

Breach Incidents by Source – 2017 (chart slide)

Breach Incidents by Source – 2018 (chart slide)

This Happens Everywhere, Right? – 2017 (chart slide)

This Happens Everywhere, Right? – 2018 (chart slide)

Phishing Attacks

• Phishing uses social engineering, a technique where cyberattackers attempt to fool you into taking an action.

• These attacks often begin with a cyber criminal sending you an email pretending to be from someone or something you know or trust, such as a friend, your bank, or your favorite online store.

• These emails then entice you into taking an action, such as clicking on a link, opening an attachment, or responding to a message.

• Cyber criminals craft these emails to look convincing.

Still the largest threat IT currently deals with.

Phishing / Spear Phishing

• Was primarily credentials and account access
• Now more ransomware / cryptoware
• Increase in the research people are doing prior to sending phishing emails
• Reduction in the duplication or complexity of actual emails to avoid looking like spam
• Targeted attachments and subjects based on job role
• Criminals are patient and thorough because it pays to be

Phishing – Three Attack Types

1. Direct Money Theft
2. Credential Theft
3. Computer / Network Infection

What do these have in common? They make piles of MONEY!

Phishing Emails – Direct Money Theft (example slide)

Phishing Emails – Credential Theft (two example slides)

Phishing – Reputational Loss

Good Afternoon All,

This email comes as a warning regarding an email hack that we are experiencing. It has been brought to our attention that our CCO/CFO, Amy Smith, has had her email hacked. Steps are being taken right now to correct the situation.

Should you receive any correspondences from Amy Smith (AS@ABCWealthcom) requesting any kind of information— DO NOT OPEN! Either delete and/or call our office - ask to speak with either Amy or Bob Smith.

We apologize for any inconvenience and are working tirelessly to fix the problem.

Best,
Sue Jackson
Marketing Manager
ABC Wealth Management

Phishing Emails – Ransomware Infection


Ransomware

Currently Ransomware commonly comes disguised as Email File Attachments:

• Invoice.doc or Invoice.zip
• Fax.doc or Fax.zip
• Voicemail.wav or Voicemail.zip
• IRS Notice.zip

Or Download links:

• UPS / FEDEX / USPS notifications
• Client files to Box, Dropbox, Google Drive, OneDrive
• Tax documents / Wells Fargo Documents

Ransomware

• 60% of Phishing emails we see lead to Ransomware. 20% each to Credential Theft or Direct Theft.

• Ransomware attacks are on the rise.

• FBI estimates Cyber Criminals will make over $11.5 billion in 2019.

• We have consulted on Ransomware infections for organizations from large hospitals to home businesses.

• Only options are to pay or restore from backups.

• Ransomware always results in downtime and lost productivity.


Ryuk Ransomware

• Ryuk ransomware banks $3.7 million in five months – Engadget 1/13/19

• Local manufacturer hit with 79 BTC ($282,583) ransom

• Crippled their US, Canadian, and UK sites

• Encrypted files on all their servers and their backups

• Attacked them again two months after initial infection


Ryuk Ransomware

• Starts by infecting systems with TrickBot malware (typically through methods like phishing email).

• Uses PowerShell and Remote Desktop Protocol to create backdoors and steal passwords.

• Lets the intruders study their targets to determine the money-making potential.

• They look for the most critical systems and will even pass on launching the Ryuk encryption if the organization isn't large enough.

• They target industries at different times (schools, local government, public housing, manufacturing).


Ransomware Distribution Methods

• Files Attached to Email
• Common File Transfer Services:
  • Dropbox
  • OneDrive
  • Google Drive
  • LeapFile
  • ShareFile
• What are the risks?

Protecting Yourself

• Be suspicious of attachments and only open those that you were expecting.
• Pause and think about emails that impart a sense of urgency.
• Just because you got an email from your friend does not mean they sent it.
• DO NOT CLICK ON LINKS IN EMAIL.
• Not sure? Forward it to IT.
• Train yourself:
  • https://www.phishingbox.com/phishing-test
  • https://www.opendns.com/phishing-quiz/

Phishing – Protecting Yourself

• Enable two-factor authentication – O365, Google Authenticator, Security Key, SMS.

• Train your employees and yourself – KnowBe4, Wombat, Sophos.

• Use a quality email provider – Office365, Gmail, ProtonMail.

Patching

What is patching?
Why is it important?
What do I need to do?

Patching

• A fully patched Windows 7 or 10 computer was immune to 97% of all active attacks in 2018.

• The software industry is moving to an automatic patching model. Hardware and IoT are going to be slow to adopt this approach.

• Most firewalls will not fully patch themselves automatically.
• A software inventory system is a key component to tracking unpatched systems.
• Microsoft automatic patching is not reliable. (WSUS)
• All software is vulnerable, e.g., WinRAR.

Firewalls

• Unified Threat Management (UTM) Firewalls at every Internet Connection
• UTM incorporates:
  • Antivirus Scanning
  • Country Blocking / Geo IP Filtering
  • Content Filtering
  • Intrusion Detection
  • Intrusion Prevention
  • Application Control / Blocking
• Internal Firewalls for Finance / EHR / HR

Antivirus / Antimalware

• Must be centrally managed to be effective
• Should automatically alert IT of infections
• Heuristic AV clients are better than pattern based
• AntiMalware technology can work with your Firewall to limit access after an infection
• Should be layered – Firewall / Server / PC
• AI starting to impact this market

Backups

• Must include Off-site or Cloud backups.
• Need to be disconnected from the network.
• Restoration time is a business decision.
• Local copies should be part of the strategy.
• Needs to be encrypted – Who holds the keys?
• Retention should be a primary part of the backup strategy.

Pen Test / Vulnerability Scans

• Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.

• Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.


Mobile Device Management

• The next target for thieves
• SIM jacking is a real threat now
• Corporate Assets vs Personal Devices
• Security in this space is moving quickly
• iPhone vs Android?

Mobile Devices – Personal Best Practices

• Keep it updated (iOS / Nexus).
• Use a strong PIN / Passcode.
• Be careful of the apps you install.
• Dispose of old devices properly.
• Be cautious of what you plug it into to charge.
• Do not open attachments you do not need to read on your phone.

Other Security Concerns

• PowerShell on the desktop
• VLANs are not real security
• Local Admin rights to the computer
• IT Staff running as Administrators
• VPNs for Vendors (HVAC, Copiers, Security)
• Network Managed Services Providers

Policies and Procedures

• What should you have?
  • Risk Analysis / Risk Assessment
  • Incident Response Plan / Log
  • Disaster Recovery Plan
• Other items:
  • Privacy Policy / Assessment
  • Security Policy / Assessment

Passwords and Two-Factor Authentication

01 Password Best Practices Review

02 Password Managers, Haystacking, Passphrases

03 Two-Factor – Types, Uses, Limitations, Benefits

Passwords: Protecting Yourself

• Enable Two-Factor Authentication.

• Use a Password Manager such as LastPass.

• Do not reuse Passwords for important sites.

Password Managers

A password manager is a software application or hardware that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.

Examples:
• LastPass
• 1Password
• KeePass
• Lenovo Fingerprint Manager
• HP Protect Tools

Excel as a Password Manager?

• Better than writing them down.

• Must set a strong master password.

• Be careful how you transfer it or store it.

• Backups are an issue.


Password Haystacking

• Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers, and then symbols until the combination you chose is discovered.

• Example: LinkedIn4-=-=-=

• Which of the following two passwords is stronger, more secure, and more difficult to crack?

D0g.....................

PrXyc.N(n4k77#L!eVdAfp9
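As an added illustration that is not part of the deck, the Python below works the haystack comparison through for the two passwords on the slide: it infers the character classes an exhaustive search has to cover, sizes the search space for every length up to the password's, and converts that into worst-case cracking time at an assumed guess rate (the 94-character alphabet, the 1e11 guesses/s rate and the function names are assumptions of this example).

```python
import math
import string

# Character classes an exhaustive search must cover once it knows (or assumes)
# the password contains at least one character of that class.
# Assumption: symbols are Python's string.punctuation (32 characters), so the
# full alphabet is 26 + 26 + 10 + 32 = 94; other haystack calculators differ slightly.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def alphabet_size(password: str) -> int:
    """Alphabet the search must enumerate: the sum of every class present in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password: str) -> int:
    """Size of the haystack: every string of length 1..len(password) over the
    inferred alphabet, because the attacker does not know the length in advance."""
    a = alphabet_size(password)
    return sum(a ** n for n in range(1, len(password) + 1))


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time for an attacker at the given rate to try the whole haystack."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


# The two passwords from the slide: "D0g" plus 21 dots (24 chars) and the
# 23-character random string. Both contain all four classes.
DOG = "D0g" + "." * 21
RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"

if __name__ == "__main__":
    # Assumed attacker rate for illustration: 1e11 guesses/s (offline attack on a fast hash).
    for pw in (DOG, RANDOM):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, length {len(pw)}, "
              f"haystack 10^{math.log10(search_space(pw)):.1f}, "
              f"{years_to_exhaust(pw, 1e11):.3g} years at 1e11 guesses/s")
```

The extra character makes the padded password's haystack 94 times larger, which is the slide's point: length drives the search space more than apparent complexity. The figure holds only after dictionary and pattern attacks have failed, as the slide says; a rule-based cracker that tries a short word followed by repeated padding finds the first password long before an exhaustive search would.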

Passphrases

• Instead of a Password consider using a Passphrase.
• Examples:
  • MydogsnameisRex
  • Securityisnotthathard
  • Ilove2learn!
• Longer passwords are better passwords.
• Use a Password Manager to create long, secure, unique passwords so you do not need to remember every one.

Ways to Stay Safe – Passwords

• Don’t reuse passwords.

• Don’t type your password into a public use machine. If you do have to – change it ASAP.

• Use a machine other than your kid’s gaming machine to check mail or log into Firm resources.

• Use a Password Manager.

• Use Password Haystacking.

• Use Passphrases instead of Passwords.

• If you hear about a breach – change your password.

• Always be diligent about typing in passwords where people can see you type them in.

• Upgrade your operating system and keep it updated.

Two-Factor Authentication / Biometrics

Two-Factor Authentication Means:

Something You Know (Password)

+

Something You Have (RFID Badge, SMS Message, Time-Based One-Time Password, Hardware Key – U2F)

OR

Something You Are (Fingerprint, Retinal Scan, Palm Scanner, Facial Recognition, Voice Recognition)

Two-Factor Authentication / Biometrics

• Two-Factor Authentication aka 2FA or Multifactor Authentication

• Examples:
  • PIN Texted To Your Cell
  • Google Authenticator
  • RSA SecurID
  • Mobile App Authentication

• Biometrics
  • Fingerprint Scanner (Laptop, iPhone, etc.)
  • Retinal Scanner
  • Hand Geometry
  • Facial Recognition

Best Apps For Two Factor

Google Authenticator
Duo Mobile
Microsoft Authenticator
FreeOTP

What about Security Questions?

Such as:
• Mother’s maiden name
• City you were born in
• Street you grew up on
• Best friend’s name
• Father’s middle name

Terrible – Answers available on Social Media

Physical Loss of Paper!

• Shredding

• Printing and Faxing

• Copies Sitting Out

• Secure Print & eFax

• Electronic Device Memory (copiers)

Think Low-Tech: 27% of Breach incidents were related to paper!

Where are you spending too much?

• Support Contracts – Cisco, Microsoft, Dell, HP
• Data / Phone – Have you renegotiated in the last 24 months?
• Expertise – IT in General, Exchange
• EHR – On Premise vs Cloud?
• Data Centers – What is actually there?
• Hosted Services – Journaling, Portals, etc.

IT Security Basics

• Centralized antivirus on every workstation and server with active IT notification
• Patch management for every PC and server, both Microsoft and third party
• Firewall protection with an up-to-date product
• Good password hygiene
• Solid backups including cloud or off-site storage

QUESTIONS?

Scott Stone, MACS
Partner – IT Services
voice: 724.658.1565 or 800.452.3003
e-mail: scott.stone@actcpas.com

Connect with ACT:
