Cybersecurity Today Avoid Becoming a News Headline

Similar documents
Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Designing and Building a Cybersecurity Program

Cybersecurity for Service Providers

Cybersecurity The Evolving Landscape

K12 Cybersecurity Roadmap

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

How Breaches Really Happen

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Les joies et les peines de la transformation numérique

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

CyberSecurity: Top 20 Controls

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

External Supplier Control Obligations. Cyber Security

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

CISO as Change Agent: Getting to Yes

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

What It Takes to be a CISO in 2017

Sage Data Security Services Directory

Ingram Micro Cyber Security Portfolio

Cyber Liability Preventive Services & Tools Specific & Pre-Emptive Considerations BEFORE the Inevitable Cyber Event.

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Cyber Risks in the Boardroom Conference

Ransomware A case study of the impact, recovery and remediation events

Assessing Your Incident Response Capabilities Do You Have What it Takes?

ANATOMY OF AN ATTACK!

Background FAST FACTS

Cybersecurity Auditing in an Unsecure World

Cyber Protections: First Step, Risk Assessment

WHO AM I? Been working in IT Security since 1992

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

Automating the Top 20 CIS Critical Security Controls

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

CYBER SECURITY AND MITIGATING RISKS

Defensible and Beyond

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Critical Hygiene for Preventing Major Breaches

Gujarat Forensic Sciences University

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Cyber Insurance: What is your bank doing to manage risk? presented by

2017 Annual Meeting of Members and Board of Directors Meeting

Cybersecurity, safety and resilience - Airline perspective

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Cyber security tips and self-assessment for business

NCUA IT Exam Focus. By Tom Schauer, Principal CliftonLarsonAllen

Cybersecurity Vulnerabilities and Process Frameworks for Oil and Gas

10 FOCUS AREAS FOR BREACH PREVENTION

Cyber Security. Building and assuring defence in depth

Must Have Items for Your Cybersecurity or IT Budget in 2018

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Department of Management Services REQUEST FOR INFORMATION

Cybersecurity and Nonprofit

Security. Protect your business from security threats with Pearl Technology. The Connection That Matters Most

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification

ISACA Arizona May 2016 Chapter Meeting

CYBERSECURITY MATURITY ASSESSMENT

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

The Impact of Cybersecurity, Data Privacy and Social Media

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

Business continuity management and cyber resiliency

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Information Governance, the Next Evolution of Privacy and Security

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

What every IT professional needs to know about penetration tests

Mapping BeyondTrust Solutions to

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP

Tips for Passing an Audit or Assessment

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Principles of Protection: Cybersecurity Data Protection. 11/01/2017 Julia Breaux William Sellers

You ve Been Hacked Now What? Incident Response Tabletop Exercise

Heavy Vehicle Cyber Security Bulletin

From Managed Security Services to the next evolution of CyberSoc Services

CYBER RESILIENCE & INCIDENT RESPONSE

NIST Cybersecurity Framework Protect / Maintenance and Protective Technology

Cybersecurity and the Board of Directors

Protect Your Organization from Cyber Attacks

A Comedy of Errors: Assessing and Managing the Human Element of Cyber Risk

ACM Retreat - Today s Topics:

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

ISE North America Leadership Summit and Awards

People risk. Capital risk. Technology risk

Certified Information Security Manager (CISM) Course Overview

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

locuz.com SOC Services

Transcription:

Cybersecurity Today 2017 Avoid Becoming a News Headline

Topics Making News Notable Incidents Current State of Affairs Common Points of Failure Three Quick Wins How to Prepare for and Respond to Cybersecurity Incidents 2

MAKING NEWS 3

Equi-Hacks! https://krebsonsecurity.com/ https://www.scmagazine.com/ 4

Uber Bug Bounty? https://www.uber.com/; https://eyeonwindows.com 5

Email Hacks! https://en.wikipedia.org/wiki/podesta_emails 6

IoT Attack! http://searchsecurity.techtarget.com/news/450401962/details-emerging-on-dyn-dns-ddos-attack-mirai-iotbotnet 7

Yahoo Debacle https://techcrunch.com/2017/02/21/verizon-knocks-350m-off-yahoo-sale-after-data-breaches-now-valued-at-4-48b/ 8

Cyber Heists! https://www.theguardian.com/business/2016/ nov/08/tesco-bank-cyber-thieves-25m 9

Massive Cyber Heists! http://fortune.com/2016/09/26/swift-hack/ 10

Unmasking! https://www.wired.com/2016/02/hack-brief-fbi-and-dhs-are-targets-in-employee-info-hack/ 11

Hero to Zero! http://www.telegraph.co.uk/technology/2017/08/03/fbiarrests-wannacry-hero-marcus-hutchins-las-vegas-reports/ https://www.theguardian.com/technology/2017/may/13/accidentalhero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack 12

Email Fraud! 13

Email Fraud! http://www.govtech.com/dc/articles/local-governments-lose-thousands-of-dollars-to-email-fraud.html 14

CURRENT THREATS

3 High Risk Areas 1. E-mail 2. People 3. Volume

CURRENT STATE

Breach Stats http://www.verizonenterprise.com/resources/ reports/rp_dbir_2017_report_en_xg.pdf 18

Breach Stats 19

Ransomware 20

Thinking About Costs 21

The Cost of Breaches https://www.ponemon.org/local/upload/file/2 016%20HPE%20CCC%20GLOBAL%20REPORT% 20FINAL%203.pdf 22

Attack Types 23

Cost per Attack Type 24

Time to Resolve 25

External Consequences 26

Cost per Resolution 27

COMMON POINTS OF FAILURE 28

Common Failure Points Not understanding what all you have Patching / updating / eliminating old systems Poor detection techniques Insufficient logging Lack of incident response Poor communication with members, employees, media 29

What Can You Do? 30

3 Quick Wins 1. Know What You Have Inventory of Data & Systems 2. Operate at the Lowest Level Don t default to Admin level 3. Educate People Security Awareness Training Learning Modules Break room Posters Test Them! E-mail Phishing Attempts

Planning Mentality when not if Vulnerability management program Reducing the time to detect Implement effective monitoring Develop an incident response plan that includes Cyber resilience plan Pre-engaging the right people Table top exercises

State of Mind When not if! There are two kinds of organizations those that have been breached and those that know they ve been breached! 33

Vulnerability Management 34

Vulnerabilities A known vulnerability is a vulnerability in software that the vendor is aware of. Typically they have also created a patch or update that solves the problem. Scanning tools scan for known vulnerabilities. Zero day vulnerabilities are vulnerabilities that vendors are unaware of. Vulnerability scanners have no way to detect zero day vulnerabilities.

Vulnerability Assessments Assessment Type Security Audit Vulnerability Assessment Penetration Test Social Engineering Purpose Evaluation of how various security processes are designed and implemented. Comprehensive identification and evaluation of known vulnerabilities in the computing environment typically involving a combination of the use of scanning tools, network diagram reviews, and reviews of device configurations. Seeking to mimic the actions of a hacker looking for any way to circumvent security controls to gain unauthorized access, typically without being detected. Performing phishing, vishing and other techniques often used by hackers to deceive users into compromising their own security. What is Accomplished? Recommendations for enhancements to fix security management processes. Identification of known technical vulnerabilities in networks, operating systems, databases and applications. Tests the adequacy of the vulnerability management process. Narrow identification of known vulnerabilities based on the techniques used by the pen tester. Determine the exploitability of identified known vulnerabilities. Tests effectiveness of incident identification, response procedures. Tests the effectiveness of the organization s security awareness training program. Social engineering tactics are often used to deceive users into divulging their logon credentials or to get a user to download malware. May test effectiveness of incident identification, response procedures. What is Not Accomplished? Typically not able to assess effectiveness of incident identification or response procedures. May not get good visibility into technical system vulnerabilities. Root cause of why known vulnerabilities exist in the environment. Unsure exactly how exploitable known vulnerabilities are. Unable to assess effectiveness of incident identification or response procedures. Won t catch 0 day vulnerabilities. Typically don t have a comprehensive understanding of all known vulnerabilities. Will not involve 0 day vulnerabilities. Doesn t comprehensively evaluate the design and effectiveness of security management processes and doesn t identify technical vulnerabilities.

Investigating and Isolating Issues Log all events in sensitive directories Deploy file integrity monitoring on all key directories and files Log all activity in sensitive applications and databases Secure all logs from tampering 37

SIEM 38

Responding Rapid self-detection Isolating the extent of the incident Rapid response and self-disclosure use of third parties to help Public relations and transparency Cyber liability insurance 39

Frameworks for Success CYBER RESILIENCY Asset Management Controls Management Configuration and Change Management Vulnerability Management Incident Management Service Continuity Management Risk Management External Dependency Management Training and Awareness Situational Awareness Source: https://www.us-cert.gov/ccubedvp/self-service-crr 40

Frameworks for Success CRITICAL SECURITY CONTROLS (V6.0) The Center for Internet Security (CIS) critical security controls are the core of the NIST cybersecurity framework. Source: www.sans.org 41

Frameworks for Success CRITICAL SECURITY CONTROLS (V6.0) Controls 1-5 will eliminate the majority of vulnerabilities. All 20 controls secure an organization against the most pervasive threats. Source: www.cissecurity.org 1. Inventory of Authorized and Unauthorized Devices 2. Inventory of Authorized and Unauthorized Software 3. Secure Configurations for Hardware and Software 4. Continuous Vulnerability Assessment and Remediation 5. Controlled Use of Administrative Privileges 6. Maintenance, Monitoring, and Analysis of Audit Logs 7. Email and Web Browser Protections 8. Malware Defenses 9. Limitation and Control of Network Ports 10. Data Recovery Capability 11. Secure Configurations for Network Devices 12. Boundary Defense 13. Data Protection 14. Controlled Access Based on the Need to Know 15. Wireless Access Control 16. Account Monitoring and Control 17. Security Skills Assessment & Appropriate Training to Fill Gaps 18. Application Software Security 19. Incident Response and Management 20. Penetration Tests and Red Team Exercises 42

Frameworks for Success NIST CYBERSECURITY FRAMEWORK (NIST-CSF) The National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF) serves as a benchmark for coverage across numerous processes. NIST-CSF references other frameworks like NIST SP 800-53, COBIT 5, and ISO 27001 for added detail on how to implement specific controls and processes. This allows the NIST-CSF framework to provide a concise but complete evaluation baseline. 43

Know Who to Contact Before you have a situation, know what lawyers you would work with Pre-identify computer forensic consultants who can help with an investigation Ensure you have a cyber liability policy

Table Top Exercises 45

Notification & Disclosure Cybersecurity Breach Notification Compliance Heat Map 46

Questions? Brittany George, CISA, QSA Senior Manager, IT Advisory Services 972.448.9299 brittany.george@weaver.com Trip Hillman, CISA, CEH, GPEN, GSNA Manager, IT Advisory Services 972.448.9276 trip.hillman@weaver.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback