Cybersecurity. Overview: Define Cyber Security; Importance of Cyber Security; 2017 Cyber Trends; Top 10 Cyber Security Controls

Transcription:

Slide 1
Cybersecurity
Hospitality Finance and Technology Professionals, June 27, 2017
Presented by: Harvey Johnson, CPA, Partner

Overview
- Define Cyber Security
- Importance of Cyber Security
- 2017 Cyber Trends

Slide 2
About Harvey Johnson, Partner
- CPA, CISA
- Niche Leader, Risk Management, IT Services
- BS in Accounting, University of North Carolina Wilmington
- MS in Accounting, Old Dominion University
- Super CPA (2009-2013), Virginia Business Magazine
- Top 5 Under 35 (2012), VA Society of Certified Public Accountants
- Top 40 Under 40 (2016), Inside Business
- Top 40 Under 40 (2016), CPA Practice Advisor

About PBMares, LLP
- Largest full-service, Virginia-based accounting and consulting firm
- Ranked as a Top 100 firm by Inside Public Accounting
- 40 partners, more than 240 professionals
- 8 Virginia offices, 1 Baltimore office

Slide 3
Cybersecurity Services
PBMares has been specializing in IT and IS auditing for 15+ years. Services include:
- Cyber Risk Assessments
- Vulnerability Scans of Network (Internal and External)
- Penetration Testing
- IT General Controls Audits
- Service Organization Control (SOC) Audits
- Consulting
- Policy and Procedures Reviews
- Review of Cyber Insurance Coverage
- Incident Response Planning and Training

Cyber Trends: 2017 and Beyond

Slide 4
Top Cyber Trends
1. Ransomware will remain a significant threat
- Attack methods and targets (including the Cloud) will diversify (ransomworms, destroying backups)
- CyberCrime as a Service: criminals on the dark web with little to no hacking/computer experience can now purchase malware, viruses, worms, etc. Operations come complete with instructions, exploit kits, and even help/support desks
2. The rise of A.I. (Artificial Intelligence)
- IoT devices the main target for botnet zombies
- Machine learning to advance malware attacks
- Machines to take over many jobs

Slide 5
3. Cryptocurrency
- Currencies such as Bitcoin and Ethereum to become more popular among millennials
- Blockchain technology to revolutionize monetary and information-storing systems
4. Cyber Propaganda
- The use of tools and other methods to influence political and social agendas

Slide 6
5. Cyber Warfare
6. Mobile and Remote Access Threats Explode
- Increase in mobile malware, including ransomware, financial malware and RATs
- McAfee Labs cataloged a large number of mobile threats, especially in Q2 and Q3 of 2016
- A recent report showed that more than 200 popular mobile apps and websites leaked PII in 2016

Slide 7
7. Advanced Threats Targeting the Cloud
- Attackers will exploit infrastructure as a service (IaaS) as both an attack platform and an attack surface
- Denial of Service for Ransom to become a common attack against cloud service providers and cloud-based organizations
- Ransomware attack on a cloud provider
8. Increased Demand for Cyber Insurance
- The continuous onslaught of cyber attacks has companies and vendors pointing the finger at each other regarding responsibility, and insurance carriers looking for ways to deny claims

Slide 8
Cyber Breaches
There are 2 types of breaches:
1. Infrastructure
2. Information
The reality is that every company/organization will experience an infrastructure breach. The number and sophistication of attacks are growing at such a speed that it is not a matter of if, but when.
Be Prepared: "Pain is inevitable, suffering is optional." ~ Buddha
An information breach can be prevented with the right control environment (monitoring, detection, training, application controls).

Slide 9
Be Prepared
Information breaches are the worst kind; they can cause irreparable damage to an organization.
- 60% of organizations (small businesses) shut down within 6 months of an information breach, mainly because of an inadequate Incident Response Plan (IRP)
1. Perform an information/cyber security risk assessment
- Identifies processes and key functions that need to be secured so you can build a control environment to meet your needs
- Identify and inventory all systems (hardware and software) that need to be monitored

Slide 10
2. Conduct routine vulnerability scans (both internal and external)
- Scans identify configuration gaps that hackers can exploit
- Most cyber incidents are the result of poor configuration of devices and systems
- Scans should be conducted at least annually
3. Establish baseline security configurations for all hardware and software, including mobile devices, laptops, workstations, servers, etc.
- Maintain consistency
- Reduce the risk of unauthorized content being installed
- Control access based on the need-to-know principle
- Segment the network
- Restrict access to sensitive systems or areas
- Control and restrict 3rd party / vendor access

Slide 11
4. Centralize and control configuration management and patch management
- Allows the organization to ensure all workstations, laptops and mobile devices are up to date with the most recent antivirus
5. Ensure disaster recovery and restoration procedures are adequate
- Consider redundancy over backup
- If using backup, each system should be automatically backed up on at least a weekly basis, and more often for systems storing sensitive information
- The operating system, application software, and data on a machine should each be included
- Test data on backup media on a regular basis
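As an added example (not from the presentation), the backup policy on this slide expressed as a check over a constructed asset inventory, which also covers the "inventory all systems" step of control 1. The slide only says "more often" for sensitive systems and "on a regular basis" for restore tests, so the daily interval and the 90-day test window are assumptions.

```python
from datetime import datetime, timedelta

# Policy from the slide: every system backed up at least weekly, systems
# holding sensitive information more often, OS + applications + data all
# included, and backup media restore-tested regularly. The daily interval
# and the 90-day restore-test window are assumptions, not from the slide.
WEEKLY = timedelta(days=7)
SENSITIVE_INTERVAL = timedelta(days=1)       # assumed reading of "more often"
RESTORE_TEST_INTERVAL = timedelta(days=90)   # assumed reading of "regular basis"
REQUIRED_SCOPE = {"os", "applications", "data"}

def check_backups(inventory, now):
    """Return {hostname: [finding, ...]} for every system that misses the policy."""
    findings = {}
    for host in inventory:
        issues = []
        max_age = SENSITIVE_INTERVAL if host["sensitive"] else WEEKLY
        last = host.get("last_backup")
        if last is None:
            issues.append("never backed up")
        elif now - last > max_age:
            issues.append(f"last backup {(now - last).days}d ago exceeds {max_age.days}d")
        missing = REQUIRED_SCOPE - set(host.get("scope", ()))
        if missing:
            issues.append("scope missing: " + ", ".join(sorted(missing)))
        tested = host.get("last_restore_test")
        if tested is None or now - tested > RESTORE_TEST_INTERVAL:
            issues.append("restore not tested within policy window")
        if issues:
            findings[host["hostname"]] = issues
    return findings

# Constructed sample inventory; hostnames and dates are made up for the example.
NOW = datetime(2017, 6, 27)
SAMPLE_INVENTORY = [
    {"hostname": "file-srv-01", "sensitive": True,
     "last_backup": datetime(2017, 6, 26), "scope": ["os", "applications", "data"],
     "last_restore_test": datetime(2017, 5, 1)},
    {"hostname": "hr-db-01", "sensitive": True,
     "last_backup": datetime(2017, 6, 23), "scope": ["data"],
     "last_restore_test": datetime(2017, 1, 10)},
    {"hostname": "kiosk-07", "sensitive": False,
     "last_backup": datetime(2017, 6, 15), "scope": ["os", "applications", "data"],
     "last_restore_test": None},
]

if __name__ == "__main__":
    for host, issues in check_backups(SAMPLE_INVENTORY, NOW).items():
        print(host, "->", "; ".join(issues))
```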

Slide 12
6. Establish a formal Security Program
- Information security policy and procedures
- Routine security awareness training (monthly/quarterly)
- Test employee awareness (social engineering) on a frequent basis
7. Use third-party resources to supplement IT skill gaps
- Consider outsourcing or supplementing IT staff with vendors who specialize in network maintenance
- Consider hiring consultants to perform risk assessments to identify control gaps/weaknesses

Slide 13
8. Understand third-party contracts and service level agreements
- Identify and rank third-party vendors based on criticality (i.e. cloud, core, etc.)
- Carefully review and understand third-party agreements
- Obtain and review applicable SOC reports
- Review and implement applicable user entity controls
9. Utilize intrusion prevention/detection systems to supplement firewalls (IPS/IDS, ASA)
- IPS/IDS/ASA systems monitor network activity and notify IT administrators of suspicious or unusual activity. They also block and quarantine suspicious items to help prevent attacks on the network.

Slide 14
10. Establish an Incident Response Plan (IRP)
- Policies and procedures for handling events, including the types and severity of events
- IRPs include: team roles and responsibilities, media and communication channels (internal/external), cyber insurance, law enforcement contacts, consultants (forensics)
- Test the IRP through tabletop exercises

Questions

Slide 15
Contact
Harvey L. Johnson, CPA, Partner
PBMares, LLP
150 Boush Street, Suite 400, Norfolk, VA 23510
Phone: (757) 627-4644, ext. 6106
hjohnson@pbmares.com
Visit www.pbmares.com to read our blog and learn of upcoming events.