cal net techtalk webinar - vulnerability management 101-10 essential rules to help prevent...
TRANSCRIPT
![Page 1: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/1.jpg)
Protecting your network, defending your data.
Vulnerability Management 101:
10 Essential Rules to Help
Prevent Cyberattacks
Cal Net Technology GroupSouthern California’s Premier IT Service Provider
![Page 2: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/2.jpg)
CYBERCRIME TRENDS & TARGETS
IT Security Budget & Level of Protection
Val
ue
of
Exp
loit
able
Ass
ets
Enterprise
Small Business
Cybercriminal Sweet SpotMid-size Business
![Page 3: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/3.jpg)
Data/Service Price Range
Credit Card # & CVV $4-$8 (US)
$7-$13 (UK/Australia/Canada)
$15-$18 (EU/Asia)
Credit Card including track data $12 (US)
$19-$20 (UK/Australia/Canada)
$28 (EU/Asia)
Fullz (identity and financial info) $25 (US)
$30-$40 (UK/Australia/Canada/EU/Asia)
Bank Account $70K-$150K < $300
Electronic Health Record (partial) $50
Infected Computers (1,000 – 15,000) $20 - $250
THE VALUE OF STOLEN DATA
![Page 4: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/4.jpg)
205 days is the average amount of time organizations
had been compromised before they knew it– FireEye/Mandiant - 2015
![Page 5: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/5.jpg)
The average cost for detection and escalation only subsequent to a security breach is approximately $417,700*
- Ponemon Institute & IBM 2015 – Cost of Data Breach Report
* Cost does not include: Average Total Cost of Data Breach $3.8 Million
Loss of business
(Brand)
Remediation and
mitigation costs
Notification
Identity Protection
![Page 6: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/6.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
Pardon me, but your vulnerability is showing.
Rule #1 Perform regular Internal and External Vulnerability Scans.
![Page 7: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/7.jpg)
99.9%OF THE EXPLOITED
VULNERABILITIES
WERE COMPROMISED
MORE THAN A YEAR
AFTER THE CVE
WAS PUBLISHED.
About half of the CVEs
exploited in 2014 went
from publish to pwn in
less than a month.
VERIZON 2015 DATA BREACH INVESTIGATIONS REPORT
Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.
![Page 8: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/8.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
“There are only two types of companies: those that have been hacked and those that will be.”
-Robert Mueller, FBI Director
Rule #2 Have an Incident Response Plan tested and ready
![Page 9: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/9.jpg)
INCIDENT RESPONSE PLAN
Defines Guidelines for Communications: How to protect communications around an incident to both employees and the public.
Defines Regulatory Thresholds, Notification Requirements and Compliance Considerations.
Provides a clear path for categorization and appropriate actions to mitigate exposure.
![Page 10: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/10.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
“The time to repair the roof is when the sun is shining”. - JFK
Rule #3 Integrate a Vulnerability Management strategy into your Enterprise Patch Management Program.
![Page 11: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/11.jpg)
1) Discover2) Prioritize3) Assess Risk4) Report5) Remediate6) Rescan7) Trending & Metrics
VULNERABILITY MANAGEMENT LIFECYCLE
![Page 12: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/12.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
Your Firewall alone is like bringing a knife to a gunfight.
Rule #4 Focus on a Defense-in-depth strategy.
![Page 13: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/13.jpg)
DEFENSE IN DEPTH
![Page 14: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/14.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
Ignorance is not bliss.
Rule #5 Use Security Information Event Management (SIEM) tools to provide visibility into your enterprise.
![Page 15: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/15.jpg)
SECURITY INFORMATION EVENT MANAGEMENT (SIEM)
Centralize Security Logs
Correlate Security Events Alerts
Automate Compliance
Performance, Change and Availability Monitoring
Detect Botnets and Malware
Risk Prioritization
Uncover your attack surface
Powerful Dashboards, Reporting and Alerting
![Page 16: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/16.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
The check is in the mail.
Rule #6 Cyber Liability Insurance is a must have, but there are rules of engagement for it to be effective.
![Page 17: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/17.jpg)
CYBER INSURANCE
1.Make sure your policy limits and sublimits are adequate
2.Request "retroactive" coverage for prior, unknown breaches
3.Watch out for "panel" and "prior consent" provisions that purport to tie your hands
in responding to a breach
4.Get coverage for claims resulting from your data vendors' errors and omissions,
not just your own
5.If you handle data for others, make sure your liability to them is covered too
6.Seek coverage for "loss" of data, not just data theft
![Page 18: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/18.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
Fool me once, shame on unencrypted data.
Rule #7 Encryption, Encryption, Encryption and more Encryption.
![Page 19: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/19.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
One Ransomware incident with your data is worth 10 DNS filters in your network.
Rule #8 Ensure you are using DNS Malware Protection in your overall defense-in-depth strategy.
![Page 20: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/20.jpg)
RANSOMWARE
Cisco’s analysis of malware
validated as “known bad”
found that the majority of
that malware—91.3
percent—use the Domain
Name Service in one of
these three ways:
- To gain command and
control
- To exfiltrate data
- To redirect traffic
![Page 21: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/21.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
Mama always said “untrained is as untrained does”.
Rule #9 Leverage effective and ongoing Security Education and Awareness Training.
![Page 22: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/22.jpg)
THE 10 GOLDEN RULES OF CYBERSECURITY
You don’t have to be a security expert to have a secure network.
Rule #10 Ensure you have the right skillsets for your Detective, Preventative and Response Security Strategy. Outsource to an expert when appropriate.
![Page 23: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/23.jpg)
OVERVIEWCal Net Technology Group (CNTG)
Headquartered in Los Angeles
Full Spectrum of IT service capabilities
Consistent IT competency and
loyalty through employee membership
ITIL based servicing framework adoption
SLA and run-book based management
20 Years of IT Experience – Service First!
Strategic, planning, IT to business alignment
and IT governance services
Acquisition and disposition of physical and
virtual assets
Transitioning services
Unified communications, carrier management,
desktop, servers, storage, network and backup
expertise
Hosting, virtualization, disaster recovery,
security and governance offerings
Business process capabilities Including help
desk, ticket management and service
automation
Full Lifecycle of IT Requirements
01
![Page 24: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/24.jpg)
C o n t a c t U s
( 8 6 6 ) 9 9 9 - 2 6 3 8
w w w . c a l n e t t e c h . c o m
Matt Lindley - Director of Security Services - Cal Net Technology(e) [email protected]
(p) (818) 721-4474
Interested in scheduling a FREE
Security Assessment?
![Page 25: Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks](https://reader031.vdocuments.us/reader031/viewer/2022030115/589ca3461a28abf4148b63ff/html5/thumbnails/25.jpg)
THANKYOU!
CAL NET TECHNOLOGY GROUP