smes & cybersecuritytechnopreneur.ncb.mu/english/documents/workshopaug2019/smes … · smes in...

CERT-MUComputer Emergency Response Team ofMauritius

Mr. Manish Lobin Information Security Consultant

CYBERSECURITY:

WHAT’S IT GOT TO DO WITH SMES?

SMEs in Mauritius

• Contribute around 40% to GDP

• Employ over 280,000 people (representing 54% of total employment) in

some 125,500 establishments

2www.cert-mu.org.mu | Hotline: 800 2378 | Email: [email protected] | Incident Reporting: [email protected]

CERT-MU

Source: http://enterbusiness.govmu.org/English/Documents/SME%20Master%20Plan_Full%20Version_FINAL.pdf


CERT-MU Challenges faced by SMEs

• Lack of robust Organisational structures

• Limited access to Resources – Finance, Human, infrastructure

• Framework – administrative structures often restrictive, bureaucratic

• Adoption of Information Security

SMEs & Cybersecurity

What is Cybersecurity?

Cyber security is about protecting your computer-based

equipment and information from unintended or unauthorised

access, change or destruction.


CERT-MU


CERT-MU

What is directly at risk?• Your money

• Your IT equipment

• Your IT-based services &

• Your information: • client lists & customer databases,

• your financial details & your customers’ financial details,

• deals you are making or considering & your pricing information,

• product designs or manufacturing processes6www.cert-mu.org.mu | Hotline: 800 2378 | Email: [email protected] | Incident Reporting: [email protected]

CERT-MU


CERT-MU

Who could pose a threat to your assets?Ø Current or former employees, or people you do business with• Compromising your information by accident, through negligence,

or with malicious intent

Ø Criminals/Hackers• Out to steal from you, compromise your valuable information or

disrupt your business because they don’t like what you do

Ø Business competitors• Wanting to gain an economic advantage


CERT-MU


CERT-MU What form could the threat take?

• Theft or unauthorised access of computers, laptops, tablets, mobiles

• Remote attack on your IT systems or website

• Attacks to information held in third party systems e.g. your hosted services or company bank account

• Gaining access to information through your staff

What impact could an attack have?

• Financial losses from theft of information, financial and bankdetails or money

• Financial losses from disruption to trading and doing business– especially if you are dependent on doing business online

• Costs from cleaning up affected systems and getting them upand running


CERT-MU

What impact could an attack have? (contd)

• Costs of fines if personal data is lost or compromised

• Costs of losing business through damage to your reputation andcustomer base

•Damage to other companies that you supply or are connected to


CERT-MU


CERT-MU

HOW BAD COULD IT BE?

A single successful attack could seriously damage your business.

Attack Vectors

•Email is the number 1 Attack vector • 92.4% of malware is delivered via email (Source: Verizon 2018 Data Breach

Investigations Report)

• Attackers see email as a direct line to the most vulnerable part of any network — end users

• In the vast majority of cases, malicious emails rely on tricking users into opening attachments


CERT-MU

Attack Vectors (contd.)• As per the 2019 Symantec Internet Security Threat Report (ISTR), the most common

malicious email disguises are:

• Bill / invoice (15.7%)

• Email delivery failure notice (13.3%)

• Package delivery (2.4%)

• Legal/law enforcement message (1.1%)

• Scanned document (0.3%)

• According to the ISTR, 48% of malicious email attachments are Office files, which

typically aren’t blocked by email filters14www.cert-mu.org.mu | Hotline: 800 2378 | Email: [email protected] | Incident Reporting: [email protected]

CERT-MU

Attack Vectors (contd.) - Ransomware

• Ransomware via Email attachments

• As per Q4 2018 Global Ransomware Marketplace Report (Coveware),

84.5% of ransomware infections have been initiated via RDP


CERT-MU

Attack Vectors (contd.) - Malware


CERT-MU

• 4 out of 5 SMEs reported that malware has evaded their antivirus solutions &intrusion detection system

Source: 2018 State of Cybersecurity in Small & Medium Size Businesses report (Ponemon/Keeper Security)

Insufficient Personnel to fight cyber attacks


CERT-MU


3 out of 4 SMEs say they don’t have sufficient

personnel to address IT security


CERT-MU


How to manage the Risks?


CERT-MU

Ø Planning• Consider whether your business could be a target - this will indicate the level

of risk your business is exposed to

• Know whether you need to comply with personal data protection legislationetc.

• Identify the financial and information assets that are critical to your business,and the IT services you rely on

• Assess the level of password protection required to access your equipmentand/or online services by your staff, third parties and customers, and whether itis enough to protect them



CERT-MU

Ø Planning (contd.)• Ensure that your staff have appropriate awareness training, so that

everyone understands their role in keeping the business secure

• Decide whether you need to make an investment, or seek expertadvice, to get the right security controls in place for your business

• Consider who you could turn to for support if you are attacked, or ifyour online services are disrupted in some way



CERT-MU

Ø Implementing• Network security: increase protection of your networks,

including wireless networks, against external attacks through theuse of firewalls, proxies, access lists and other measures

• Secure configuration: maintain an inventory of all IT equipmentand software. Identify a secure standard configuration for allexisting and future IT equipment used by your business. Changeany default passwords



CERT-MU

Ø Implementing (contd.)• Managing user privileges: restrict staff and third-party access to IT

equipment, systems and information to the minimum required.Keep items physically secure to prevent unauthorised access.

• Home and mobile working, including use of personal devices forwork: ensure that sensitive data is encrypted when stored ortransmitted online so that data can only be accessed by authorisedusers.



CERT-MU

Ø Implementing (contd.)• Removable media: restrict the use of removable media such as USB

drives, CDs, & DVDs, and protect any data stored on such media tohelp stop data being lost and to prevent malware from beinginstalled.

• Monitoring: monitor use of all equipment and IT systems, collectactivity logs, and ensure that you have the capability to identify anyunauthorised or malicious activity.



CERT-MU

Ø Reviewing• Test, monitor and improve your security controls on a regular basis to

manage any change in the level of risk to your IT equipment, servicesand information

• Remove any software or equipment that you no longer need, ensuringthat no sensitive information is stored on it when disposed of. Reviewand manage any change in user access, such as the creation of accountswhen staff arrive and deletion of accounts when they leave



CERT-MU

Ø Reviewing (contd.)• If your business is disrupted or attacked, ensure that the response

includes removing any ongoing threat such as malware, understandingthe cause of the incident and, if appropriate, addressing any gaps in yoursecurity that have been identified following the incident

• If you fall victim to online fraud or attack, you should report theincident on the Mauritian Cybercrime Online Reporting System(MAUCORS) which is an online reporting platform. You may need tonotify your customers and suppliers if their data has been compromisedor lost


CERT-MU


CERT-MU

Remember, there is no such thing as 100 % Security. At some point in time someone will

find a way to bypass a particular defense, often in ways you never thought of.

ThankYou

28

CERT-MU

ComputerEmergencyResponseTeamofMauritius(CERT-MU)

Tel:2105520|Hotline:8002378

GeneralEnquiry:[email protected]:[email protected]

IncidentReportingportal:http://maucors.govmu.orgIncidentReportingemail:[email protected]

CybersecurityPortal:http://cybersecurity.ncb.muWebsite:www.cert-mu.org.mu

CONTACTUS