Cybersecurity
Hospitality Finance and Technology Professionals
June 27, 2017
Presented by: Harvey Johnson, CPA
Partner

Overview
  Define Cyber Security
  Importance of Cyber Security
  2017 Cyber Trends

About Harvey Johnson
  Partner
  CPA, CISA
  Niche Leader, Risk Management, IT Services
  BS in Accounting, University of North Carolina Wilmington
  MS in Accounting, Old Dominion University
  Super CPA (2009 2013), Virginia Business Magazine
  Top 5 Under 35 (2012), VA Society of Certified Public Accountants
  Top 40 Under 40 (2016), Inside Business
  Top 40 Under 40 (2016), CPA Practice Advisor

About PBMares, LLP
  Largest full-service, Virginia-based accounting and consulting firm
  Ranked as a Top 100 firm by Inside Public Accounting
  40 partners, more than 240 professionals
  8 Virginia offices, 1 Baltimore office

Cybersecurity Services
PBMares has been specializing in Information IT and IS Auditing for 15+ years.
Services Include:
  Cyber Risk Assessments
  Vulnerability Scans of Network (Internal and External)
  Penetration Testing
  IT General Controls Audits
  Service Organization Control (SOC) Audits
  Consulting
  Policy and Procedures Reviews
  Review of Cyber Insurance Coverage
  Incident Response Planning and Training

Cyber Trends: 2017 and Beyond

Top Cyber Trends
1. Ransomware will remain a significant threat
  Attack methods and targets (including the Cloud) will diversify (Ransomworms, destroying backups)
  CyberCrime as a Service
  Criminals on the dark web with little to no hacking/computer experience can now purchase malware, viruses, worms, etc.
  Operations come complete with instructions, exploit kits, and even have help/support desks

Top Cyber Trends
2. The rise of A.I. (Artificial Intelligence)
  IoT devices main target for botnet zombies
  Machine learning advance malware attacks
  Machines to take over many jobs

Top Cyber Trends
3. Cryptocurrency
  Currencies such as Bitcoin, Ethereum to become more popular among millennials
  Blockchain technology to revolutionize monetary and information storing systems

Top Cyber Trends
4. Cyber Propaganda
  The use of tools and other methods to influence political and social agendas

Top Cyber Trends
5. Cyber Warfare

Top Cyber Trends
6. Mobile and Remote Access Threats Explode
  Increase in mobile malware to include ransomware, financial malware and RATs
  McAfee Labs cataloged a large number of mobile threats, especially in Q2 and Q3 of 2016
  A recent report showed that more than 200 popular mobile apps and websites leaked PII in 2016

Top Cyber Trends
7. Advanced Threats Targeting the Cloud
  Attackers will exploit infrastructure as a service (IaaS) as both an attack platform and attack surface.
  Denial of Service for Ransom to become a common attack against cloud service providers and cloud-based organizations
  Ransomware attack on a cloud provider

Top Cyber Trends
8. Increased Demand for Cyber Insurance
  The continuous onslaught of cyber attacks has companies and vendors pointing the finger at each other regarding responsibility, and insurance carriers looking for ways to deny claims

Cyber Breaches
There are 2 types of breaches:
1. Infrastructure
2. Information
The reality is that every company/organization will experience an infrastructure breach. The number and sophistication of attacks are growing at such a speed that it is not a matter of if, but when.

Be Prepared
"Pain is inevitable, suffering is optional." ~ Buddha
An information breach can be prevented with the right control environment (monitoring, detection, training, application controls).

Be Prepared
Information breaches are the worst kind; they can cause irreparable damage to an organization.
  60% of organizations (small businesses) shut down within 6 months of an information breach
  Mainly because of an inadequate Incident Response Plan (IRP)

1. Perform an information/cyber security risk assessment
  Identifies processes and key functions that need to be secured so you can build a control environment to meet your needs
  Identify and inventory all systems (hardware and software) that need to be monitored

2. Conduct routine vulnerability scans (both internal and external)
  Scans identify configuration gaps that hackers can exploit
  Most cyber incidents are the result of poor configuration of devices and systems
  Scans should be conducted at least annually

3. Establish baseline security configurations for all hardware and software, including mobile devices, laptops, workstations, servers, etc.
  Maintain consistency
  Reduce the risk of unauthorized content being installed
  Control access based on Need to Know principle
  Segment network
  Restrict access to sensitive systems or areas
  Control and restrict 3rd party / vendor access

4. Centralize and control configuration management and patch management
  Allows the organization to ensure all workstations, laptops and mobile devices are up to date with the most recent anti-virus

5. Ensure disaster recovery and restoration procedures are adequate
  Consider redundancy over backup
  If using backup, each system should be automatically backed up on at least a weekly basis, and more often for systems storing sensitive information
  The operating system, application software, and data on a machine should each be included
  Test data on backup media on a regular basis

6. Establish a formal Security Program
  Information security policy and procedures
  Routine security awareness training (monthly/quarterly)
  Test employee awareness (social engineering) on a frequent basis

7. Use third party resources to supplement IT skill gaps
  Consider outsourcing or supplementing IT staff with vendors who specialize in network maintenance
  Consider hiring consultants to perform risk assessments to identify control gaps/weaknesses

8. Understand third party contracts and service level agreements
  Identify and rank third party vendors based on criticality (i.e. cloud, core, etc.)
  Carefully review and understand third party agreements
  Obtain and review applicable SOC reports
  Review and implement applicable user entity controls

9. Utilize intrusion prevention/detection systems to supplement firewalls (IPS/IDS, ASA)
  IPS/IDS/ASA systems monitor network activity and notify IT administrators of suspicious or unusual activity.
  They also block and quarantine suspicious items to help prevent attacks on the network.

10. Establish an Incident Response Plan (IRP)
  Policies and procedures for handling events, including the types and severity of events
  IRPs include: team roles and responsibilities, media and communication channels (internal/external), cyber insurance, law enforcement contacts, consultants (forensics)
  Test the IRP through table top exercises

Questions

Contact
Harvey L. Johnson, CPA
Partner
PBMares, LLP
150 Boush Street, Suite 400
Norfolk, VA 23510
Phone: (757) 627-4644, ext. 6106
hjohnson@pbmares.com
Visit www.pbmares.com to read our blog and learn of upcoming events.