Defending Our Digital Density.

Transcription

1 New Jersey Cybersecurity & Communications Integration Cell Defending Our Digital The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) is known as the Division of Cybersecurity of the New Jersey Office of Homeland Security and Preparedness (NJOHSP). NJOHSP helps to direct prevention, detection, protection, response, and recovery planning, not only at the State level, but also at the regional and national levels with our varied partners. NJOHSP is led by Director Jared Maples and comprised of four Divisions: Intelligence, Policy and Planning, Cybersecurity, and Administration.

2 GOV. PHIL MURPHY LT. GOV. SHEILA OLIVER DIR. JARED MAPLES NJCCIC NJ Cybersecurity & Communications Integration Cell The State s one-stop shop for cybersecurity Information Technology Homeland Security Law Enforcement Protect our State Agencies Facilitate the adoption of best practices Promote statewide awareness of the threat landscape Objectives Reduce Cyber Risk Information contained in this document is and may be distributed without restriction.

3 Organization Governance Risk and Compliance SECOPS Cyber Threat Intelligence & Analysis Partnerships Information contained in this document is and may be distributed without restriction.

4 ROIC s Mission Information contained in this document is and may be distributed without restriction.

5 Tactics NJCCIC: Training & Awareness Policies & Protocols Hardware & Software Information contained in this document is and may be distributed without restriction.

6 Threat Landscape Iran Espionage Critical Infrastructure China ICS SCADA Russia Romania Manipulative North Korea Data Breaches Darknets Fraud Black Market SSNs Profit-motive Identity Theft Insurance Fraud PII Anti-Government Anti-Police Ideology Crime Doxing Vandalism Nation-state Cyber Warfare Lifeline sectors Advanced Persistent Threats Hacktivism Terrorism Physical Damage Sabotage Pro-ISIS Intrusions Subversion Public Health Politically Motivated Ideology Denial of Service Retribution Website Defacements Network Exploitation Information contained in this document is and may be distributed without restriction.

7 2017 KPMG s (Sector) Cyber Survey 43% of respondents have not increased cybersecurity budget despite knowledge of high-profile breaches Over half of respondents have seen an employee fall victim to a phishing scam & approximately one third have seen theft from a secured database by internal bad actor 87% of organizations can identify a cyber-event but only 59% can manage risk proactively ~36% of organizations do not have a CISO Information contained in this document is and may be distributed without restriction.

8 Ponemon Institute: 2017 Cost of Data Breach Key Findings: US average total cost of data breach = $7.35M 47% of breaches caused by malicious attacks On average, it took organizations 206 days to identify a breach Healthcare breach avg. cost per record = $380 (industry average = $225) Image Source: Ponemon Ins0tute Information contained in this document is and may be distributed without restriction.

9 Cyber Event Threats: The Rearview Mirror Information contained in this document is and may be distributed without restriction.

10 Municipal Govt. Threat The Rearview Mirror Citizen Data Theft Service Interruptions Ransomware Information contained in this document is and may be distributed without restriction.

11 Colorado DOT for State of CO hit with Ransomware Multiple times Over 2,000 Systems affected National Response Information contained in this document is and may be distributed without restriction.

12 2017: Municipal Ransomware - NJ NJCCIC received 31 Reports of Ransomware within NJ last year. 6 were NJ Police Departments. Actual number of Local PD s was over 17. NJCCIC Analysts were able to de-crypt and restore about 30-40% at no cost to the victim. Information contained in this document is and may be distributed without restriction.

13 The Road Ahead Threats / Trends: Data Theft Will Persist Expanding Extortion Tactics Mobile Device Vectors Data Manipulation Information contained in this document is and may be distributed without restriction.

14 Best Practices People are the first line of defense TECH PROCESS PEOPLE but most often the weakest link. Information contained in this document is and may be distributed without restriction.

15 Best Practices Proactive Measures to Reduce Risk: People All members of an organization (e.g. Municipal Government), including the Mayor, Council, Township s senior management, part-time, and contracted workers, must be educated and trained on best practices. Visibility & Discussion procedures, posters, newsletters, reminders. Users should understand how and why they need to follow certain guidelines, not just what they need to do. Users should be held accountable for repeated offenses. Organizations should use examples of security violations and incidents to increase awareness. Information contained in this document is and may be distributed without restriction.

16 Best Practices Proactive Measures to Reduce Risk Processes Policies & procedures should be documented, reviewed, & consented to by all employees, such as an incident response plan, data retention & intellectual property policy, bring your own device policy, & social media policy. Define a process to ensure updates and patches are deployed to all operating systems, software, browsers, plugins, and mobile devices as soon as possible. Implement two-factor authentication (2FA) on all applicable software or services, as well as a password policy with an eight to ten character minimum, standard complexity requirements, and mandatory reset schedule. Ensure all critical data is backed up as necessary and backups are stored offline in a secure location, and tested regularly. Information contained in this document is and may be distributed without restriction.

17 Best Practices Proactive Measures to Reduce Risk Technology Conduct regular asset inventories to identify all devices and systems that comprise your network, followed by vulnerability assessments to identify security gaps Implement end-to-end encryption and/or tokenization on any systems that collect, store, or transmit personally identifiable information (PII), protected health information (PHI), or financial data. Disable or uninstall any software, features, functions, or network ports not essential to business operations. Information contained in this document is and may be distributed without restriction.

18 NJCCIC Services Weekly Bulletin à Bi-Weekly Presentations and Training Threat analysis Blogs Threat profiles Threat Indicator Sharing Information contained in this document is and may be distributed without restriction.

19 Our Analytic Products Information contained in this document is and may be distributed without restriction.

20 A Plug: MS-ISAC Information contained in this document is and may be distributed without restriction.

21 Contact x cyber.nj.gov Information contained in this document is and may be distributed without restriction.