Five-Part Cybersecurity Webinar Series: How to Minimize Cyberattack Damage

Presented by: Jeffrey Ziplow – Partner; David Nowacki – Manager


Post on 04-Oct-2020



WannaCry – spreads around the world!!

Equifax – Apache not Patched

[Figure: ransomware families on a timeline running from 2005, 2012 and 2013 through quarterly marks for 2014 and 2015 to Q1 2016. Families labelled: Gpcoder, Reveton, Kovter, Urausy, Nymaim, Cryptowall, Browlock, Linkup, Slocker, CTB-Locker/Citron, Synclocker, Onion, TorrentLocker, Zerolocker, Coinvault, TeslaCrypt, BandarChor, Cryptvault, Tox, Troldesh, Encryptor RaaS, CryptoApp, LockDroid, LowLevel404, CryptInfinite, Unix.Ransomcrypt, Radamant, VaultCrypt, XRTN, Cryptolocker2015, Simplocker, Pacman, Virlock, Pclock, Threat Finder, Hidden Tear, ORX-Locker, Dumb, Maboua OSX POC, Power Worm, DMA-Locker, Gomasom, Chimera Locker Ginx, Ransom32 73v3n, CryptoJocker, LeChiffre, Nanolocker, Magic, Locky, Vipasana, Hi Buddy, Job Cryptor, PayCrypt, KeRanger, Umbrecrypt, Hydracrypt.]

» The World Economic Forum classifies cybercrime as a “Top Global Risk”.

» 85% of business assets are in digital form

» 68% of funds lost in a breach are declared unrecoverable

» Small businesses are a target.

» Easy target for cybercriminals.

» Systems as a secret doorway into their corporate partners’ networks.

» Experience a higher proportion of cybercrime costs

» Experience the disruptive effects of data breaches both immediately and in the long term

» Any device connected to the Internet can be hacked.

» Devices offer hackers quick access to businesses’ data through unsecured Wi-Fi networks

» Compromise IoT devices and turn them into “bots” to use in future attacks

» Adequate security protocols do not yet exist

» Over 75% of all cyberattacks target known vulnerabilities


» Lack of updating (patching) software and O/S

» Lack of password length, rotation and/or complexity

» Missing anti-virus/spyware updates or software not working

» Inadvertent Actors Responding to Phishing emails

» Inability to identify ransomware before attack

» Lack of employee training and/or user education

» System alerts and logs are not monitored


Remediate – Critical Security Controls


• Conduct a data inventory assessment

• What kind of personal, confidential and/or restricted data does your business have?

• How is that data handled and protected? Who has access to that data?

• Is the data encrypted in transit and at rest?

• Confirm documented policies and procedures

• Do employees recognize importance of data security protocols?

• Control (and monitor) employee access to sensitive data

• Keep to a “least privilege” necessary method

• Evaluate your vendor contracts

• Validate their commitments to protecting your data


• Confirm documented policies & procedures

• Written Information Security Program (WISP)

• Documents policies & procedures for securing and protecting the network

• Patching and Vulnerability Management

• Password and User Policies

• Configuration Management / Device & Software Hardening

• Perimeter Security, Incident Detection, Data Leakage Prevention

• Provides policies for accessing, collecting, storing, using, transmitting and protecting personal information

• New hire and Termination process/program

• Disaster Recovery/Business Continuity

• Bring Your Own Device (BYOD)

• Incident Response Plan


NIST – National Cyber Security Framework – Self Assessment

[Figure: Layered Security Framework. Layers labelled: Access Management, Perimeter, Network, Host, Application, Data. Controls labelled across the layers: Firewall, VPN, Encryption, Access Control, Intrusion Detection, Intrusion Prevention, Vulnerability Assessment, Virus Protection, Host IDS, Input Validation.]

Core Objectives

• Develop and demonstrate foundational-level knowledge of cybersecurity

• Confirm understanding of policies and procedures

• Employ best practices to protect privacy and data

• Identify and report potential cybersecurity and privacy incidents promptly

• Recognize common threats:

• Phishing

• Business Email Compromise

• Insecure Browsing

• Data Leakage


Preparation

Identification

Containment

Eradication

Recovery


• Document security policy & incident handling procedures

• Build a team

• Confirm contact information & security channels

• Who needs to be contacted (Attorney, AG office)

• Proactive Monitoring

• Alert Log Retention

• Vulnerability Monitoring

• Incident prevention

• Perform risk assessment

• Patch management


» Demonstrate proactive support for cybersecurity

» Roadmap to Improve Security Programs and Practices

» Create a culture of cyber security

» Emphasize its importance (tone at the top)

» Resource it appropriately (budget and people)

» Chat regularly with your CISO

» Discuss the organization’s current security posture, threats and risks, and needs

» Leverage Consultants and Advisors

» Follow processes and security safeguards

» Perform a vulnerability assessment

» Layer security protocols

» Train employees


Jeffrey Ziplow – MBA, CISA, CGEIT

Partner

BlumShapiro

860.561.6815

David Nowacki – CISA, CIA

Manager

BlumShapiro

860.561.6811
