Sheila Warren, VP of Alliances and General Counsel. Independent Sector Preparing to Be Hacked October 2015

Size: px

Start display at page:

Download "Sheila Warren, VP of Alliances and General Counsel. Independent Sector Preparing to Be Hacked October 2015"

Rudolph Tucker
5 years ago
Views:

1 Sheila Warren, VP of Alliances and General Counsel Independent Sector Preparing to Be Hacked October 2015

2 TechSoup San Francisco, CA Our mission is to build a dynamic bridge that enables design and implementation of technology solutions for a more equitable planet. 162 countrie s served 690k NGOs reached 2. TechSoup Global All rights reserved

TechSoup What We Do Social Sector Resources Platform: 100+ donors, 162 countries, 42 languages Social Sector Data: 690,000+ organizations Social Innovation: 17,590

3 TechSoup What We Do Social Sector Resources Platform: 100+ donors, 162 countries, 42 languages Social Sector Data: 690,000+ organizations Social Innovation: 17,590 technologists and civil society activists monthly in 48 cities & 20 countries Global Philanthropy & Development: capital flows 3. TechSoup Global All rights reserved

4 The Cyber Threat Landscape LTC Tim Bloechl (U.S. Army, Retired) Director, Cyber Security CyberDx A Division of Quantum Research International

5 Computing and Security Trends m

6 m Under Cyber Attack! You are here They are somewhere

A Risk Snapshot Increase in Cyber Attacks from 2013 to 2014: 91% Increased Threat 3 Types of Organizations www.cyberdx.

7 A Risk Snapshot Increase in Cyber Attacks from 2013 to 2014: 91% Increased Threat 3 Types of Organizations m Impact of a Breach 2014 Cost of Cyber Crime: $400B Attacks Against Small Business Doubled from 2011 to % of Breaches are at Small Businesses 59% of Breaches are caused by Employees Those who have been hacked and don t know it Those who have been hacked and know it Those who will be hacked Average Time from Breach to Discovery: 205 Days Average Time from Discovery to Cleanup: 35 Days Breaches Discovered by Third Parties: 69% Average Cost in 2014 to a Small or Medium Size Business from a Cyber Attack: $182,242 Cost to Fix Network per Data Record following a Breach: $201; and in Healthcare: $359 Accountability Shift: Execs under increased scrutiny

8 The Unfortunate Truth m

9 Human Vulnerabilities and Risks m

10 CyberDx: Supporting the Not-for-Profit Community

11 Preparing to be Hacked. Steve Sheinberg

12 Your organization is and will be compromised by insiders

13 Create employee policies that recognize that employees are the main threat vector. Teach employees, esp. about social engineering. Talk to the CIO. Get good agreements with vendors and key employees. Strive for Cyber Resiliency Follow the principle of least privilege. Update software, install patches, remove non-approved software. Ensure that your physical security is sufficient. Encrypt all data, period. Segregate differing data onto separate networks. Monitor network traffic. Use two-factor authentication. {Most of this is policy, not tech, driven}

14 Steve Sheinberg General Counsel Anti-Defamation League Personal blog: LinkedIn:

15 KATHLEEN REEN Vice President, ICT Policy and Programs Internews Network

16 Preparing to be Hacked: Defending Against Cyber Threats in a Resource-Constrained Environment Dave Roth Chief Technology Officer Ford Foundation d.roth@fordfoundation.org

17 Ford s Response to a Cyber Breach Evolving multi-faceted security program Estimated breach date Learned of breach by authorities Assessment and remediation Ongoing attacks with isolated breaches 17

18 Cost Security Solutions at Ford: Cost, Effectiveness, & Impact Windows Services Mobile Infrastructure User Impact High Medium Low Encrypt local files Enforce VPN posturing Right-size privileges Manage mobile devices Scan links Restrict RDP Validate vendors security Collect & analyze logs Deploy IDS/IPS Conduct vulnerability scans Deploy client Firewall Patch Often Filter IPs/URLs Block WS-WS comms Enforce complex PWs Effectiveness Clean up AD Contract 24 x 7 MSS Vault server PWs Block attachmnts Disable unused protocols Limit admins Hire security engineer Deploy whitelisting Deploy user 2-factor Deploy admin 2-factor Conduct phishing scenarios Require VPN access Require security awareness Restrict local admin

19 Cost Security Solutions at Ford: Cost, Effectiveness, & Impact Windows Services Mobile Infrastructure User Impact High Medium Low Encrypt local files Enforce VPN posturing Right-size privileges Manage mobile devices Scan links Restrict RDP Validate vendors security Collect & analyze logs Deploy IDS/IPS Conduct vulnerability scans Deploy client Firewall Patch Often Filter IPs/URLs Block WS-WS comms Enforce complex PWs Effectiveness Clean up AD Contract 24 x 7 MSS Vault server PWs Block attachmnts Disable unused protocols Limit admins Hire security engineer Deploy whitelisting Deploy user 2-factor Deploy admin 2-factor Conduct phishing scenarios Require VPN access Require security awareness Restrict local admin

20 Preparing to be Hacked

21 NEXT UP: Join us for the Host Reception at Pérez Art Museum Miami! Please meet in the lobby and buses will begin departing at 6:15 pm. #ISEMBARKS

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats