Cybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale

Similar documents
How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Fighting Fraud with Behavioral Biometrics and Cognitive Fraud Detection. IBM Security s Brooke Satti Charles on the Power of These New Capabilities

THE ROLE OF ADVANCED AUTHENTICATION IN CYBERSECURITY FOR CREDIT UNIONS AND BANKS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Sage Data Security Services Directory

with Advanced Protection

Best Practices in Securing a Multicloud World

What It Takes to be a CISO in 2017

Cyber Insurance: What is your bank doing to manage risk? presented by

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Managed Endpoint Defense

Cybersecurity and the Board of Directors

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

CYBER RESILIENCE & INCIDENT RESPONSE

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Service Provider View of Cyber Security. July 2017

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

INTELLIGENCE DRIVEN GRC FOR SECURITY

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

CYBER SOLUTIONS & THREAT INTELLIGENCE

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

T-SURE VIGILANCE CYBER SECURITY OPERATIONS CENTRE

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

A new approach to Cyber Security

RSA INCIDENT RESPONSE SERVICES

SOLUTION BRIEF Virtual CISO

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Cybersecurity The Evolving Landscape

Cybersecurity Today Avoid Becoming a News Headline

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

RSA INCIDENT RESPONSE SERVICES

CYBERSECURITY MATURITY ASSESSMENT

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Gujarat Forensic Sciences University

Sales Presentation Case 2018 Dell EMC

A Forensic Accountant in Cyber Security

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

How Breaches Really Happen

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

to Enhance Your Cyber Security Needs

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Cyber Security Stress Test SUMMARY REPORT

SWIFT Customer Security Programme

A CFO s Guide to Cyber Security in the Coming Year

2015 VORMETRIC INSIDER THREAT REPORT

Effective Cyber Incident Response in Insurance Companies

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Mastering The Endpoint

CISO as Change Agent: Getting to Yes

Changing the Game: An HPR Approach to Cyber CRM007

Cyber Attack: Is Your Business at Risk?

Security-as-a-Service: The Future of Security Management

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Automated Context and Incident Response

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Cybersecurity and the Board of Directors

Security & Phishing

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Cybersecurity Overview

White Paper. How to Write an MSSP RFP

Legal Aspects of Cybersecurity

Cyber Resilience - Protecting your Business 1

QUICK WINS: Why You Must Get Defensive About Application Security

Panda Security 2010 Page 1

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

Evolution of Spear Phishing. White Paper

Solutionary helps prepare for the inevitable

Defending Our Digital Density.

Barbara Ciaramitaro, lead professor of IT and cyber security at Walsh College in Troy

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

ForeScout Extended Module for Splunk

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

YOU VE GOT 99 PROBLEMS AND A BUDGET S ONE

Chapter X Security Performance Metrics

Transcription:

Cybersecurity for the SMB CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale

The high-profile breaches of Fortune 100 companies are the ones that get the headlines, but small and midsized businesses should not breathe any sighs of relief. They are very much still targets, says Austin Murphy of CrowdStrike. He offers cybersecurity advice to SMBs. Austin Murphy Murphy has a broad background of leadership experience in the information security community, from both private sector professional services and the U.S. Department of Defense. As the vice president of managed services, Murphy leads the team responsible for managing the Falcon platform on behalf of customer organizations, delivering a complete managed endpoint security strategy, from prevention, through detection and response, including full hands-on remote remediation. I think it s a real mistake to think you re somehow insulated or protected from attack because you re small, says Murphy, vice president of managed services with CrowdStrike. If you as an organization depend on IT systems for operating your business, then you are a target for attack let s just state that plainly. In an interview on cybersecurity for the SMB market, Murphy discusses: Threats and threat actors that matter most to smaller organizations; Common security oversights by smaller enterprises; Strategies to build stronger cybersecurity defenses. Threat Landscape TOM FIELD: I d like to get your take on the current threat landscape. What are the threats, and who are the threat actors that give you the most concern? AUSTIN MURPHY: One thing to note about the current threat landscape is that everyone really seems to be upping their game all of the actors that we track. We used to think about the threat landscape as different types of actors. There were commodity actors, nuisance actors, script kiddies all the way up to the highly sophisticated targeted threats the statesponsored actors that were known for being very difficult to deal with because of the tactics that they used for establishing persistence and networks and bypassing controls. We ve seen many of these tactics that used to be really reserved for the targeted actors democratized. Now they re being adopted by opportunistic attackers and then automated to put them to scale. It s a little bit less helpful now to think about different actors that we need to be concerned about or not concerned about, because many of them are using things like credential theft and lateral movement and multistage malware that s modular, polymorphic. One of the largest concerns that we ve observed when we think about the state of the threat landscape is that actors that used to blindly and opportunistically attack very broadly, and use nuisance threats like bots or spam or click fraud are now regularly brokering that access into networks that they compromise. We re seeing that they ve identified additional revenue streams from their botnets by identifying which networks they have access to. Then they choose do they either want to use this access for spam or click fraud, or do they want to sell that access on the dark web to an attacker that may have a more targeted interest in that network? The takeaway there is that we can no longer ignore the lower-level threats; we need to treat them all as hostile to our networks. Everyone s a Target FIELD: Austin, we hear a lot about the high-profile breaches that effect Fortune Cybersecurity for the SMB 2

We can no longer ignore the lower-level threats; we need to treat them all as hostile to our networks. 500 companies, such as Equifax. This focus might make smaller organizations feel that they re relatively secure and that they re not targets. But in your experience, what are the odds that these smaller organizations could encounter the same types of attacks? MURPHY: It s a real mistake to think that you re somehow insulated or protected from an attack because you re small. If you as an organization depend on IT systems for operating your business, then you are a target for attacks. Let s state that plainly. If you store or process data that can be monetized, such as payment card data, that data can be sold on card forums. If you process personally identifiable information, that information is valuable for fraud schemes as well. Even if you don t think you have sensitive data, or that you don t have enough of it that it would be interesting for an attacker to target you, you can still be targeted for things like email compromise or wire fraud and extortion. Recently, we worked a case where an attacker was able to compromise the email account of a CEO of a very small company just by getting their password and then logging in. What they did is they monitored those emails. They would log into the CEO s account for weeks, monitoring the emails and observing the pattern of how transactions were being approved at that organization. They identified that in this organization, invoices over a certain amount had to be approved by the CEO, so they would send the invoice to the CEO for approval, and then he would forward that on for processing. The attackers waited until a particularly large invoice came in and they intercepted it. What was interesting is that they actually left the invoice as it looked, but they changed the wiring, the routing instructions, on a legitimate invoice. Then with the access to the CEOs email infrastructure, they forwarded that on for processing. What the CFO received was a legitimate invoice from a legitimate customer with a legitimate PO, and processed it, but the CFO sent the money to banking infrastructure that the attackers controlled. There s nothing special that would make a large or a small organization more vulnerable or less vulnerable to it. Attackers, in fact, know that smaller organizations don t have strong controls in place and may not have prepared for this, so they re easier to take advantage of in these types of schemes. Biggest Cybersecurity Risk FIELD: Austin, we hear a lot about business email compromise and ransomware. What do you see as today s biggest cybersecurity risk for small to mid-size organizations? MURPHY: The biggest risk to these organizations is their own lack of visibility into the state of their security in the organization. The legacy solution vendors and the providers are partly to blame for this because of their historically poor performance against modern, more complicated threats. The lack of awareness that these small businesses have is a doubled-edged sword. First, visibility is what exposes the vulnerabilities in the first place. Second, it makes it much worse if there is an attack, because when an attack occurs, they also don t have the visibility to effectively respond, so they can t conduct an investigation, and they can t rapidly understand what is happening. The attacks Cybersecurity for the SMB 3

A big mistake that we see smaller organizations make is that some of them think of security as a state that you can achieve. that they do face are more impactful than they need to be. Biggest Mistakes FIELD: Well, what do you see then as some of the biggest mistakes that SMBs make when it comes to cybersecurity? MURPHY: There are really two main mistakes that we see a lot of smaller organizations making. The first is having an assumption that it won t happen to them. The types of attacks that we face today are easy to automate and scale, so it s really unhelpful to think that the size of your organization somehow factors into the risk profile the way that it does in the physical world for physical world crime. The power of automation, for all of the wonders that it does us, it also allows attackers to automate and scale their attacks. An attacker can dream up a lifecycle of attack, and then launch it out into the world with automation. Oftentimes, it s the smaller organizations that are less prepared and vulnerable that do get hit the hardest with these. And that s what we see with the evolution with ransomware and other extortion techniques: Smaller organizations are hit much more frequently and much more impactfully than larger organizations. The second big mistake that we see smaller organizations make is that some of them think of security as a state that you can achieve. We know successful organizations understand that the concept of secure is not something that you are; rather security is a process that you participate in. The former way of thinking leads you to buy security products and technology and put controls in place and then sit back and hope that they work. The latter way of thinking thinking of security as a process leads you to think, and engage and evolve your process with the help of technology and solutions. Successful organizations are spending time testing their controls. They re observing where they fail, and they re improving them and learning about how attackers are changing by paying attention to what s happening to other organizations. They re applying those lessons learned back into their networks. It s that ongoing improvement that ultimately leads to success. Getting Started FIELD: How do you recommend that an SMB get started on the path to better cybersecurity protection? MURPHY: It starts with an inventory not only of your assets, but also an inventory of the controls we have in place to really understand what is happening today. We seek to know thyself first and inventory your processes. A security professional in the organization should not only understand how security Cybersecurity for the SMB 4

Every organization should understand what your team is good at and where your deficiencies are, and then seek to partner with others. functions within their company, but also how the business operates, how data flows, how teams work, how decisions are made, to understand where would the vulnerabilities be so that they can build and enhance controls into that. A lot of this inventory does involve having good technical visibility into what s happening on your network, what s happening on your endpoints, and understanding what types of applications are running, and what those applications doing. Then we can understand what is normal and what is not normal, and we can respond effectively to threats that we observe, identifying attack scenarios that may effectively target your own organization, and then modeling them out in tabletop exercises and understanding how your organization would perform in a given scenario. How would your organization prevent an attack scenario, or if you were unsuccessful at preventing it, how would you detect it? A big part of this is just understanding if something like a business email compromise happened here, how would my organization even know that that happened? Let s talk about our detection controls, and then if we did detect it, what s our response? How do we respond to something like that here? Who has what responsibilities, and do we have the training and the technology and the visibility required to effectively to deal with an incident? Then go through those tabletop exercises on any given attack scenario and take those lessons learned back to improve your controls, increase your visibility, increase the awareness from your organization in addressing those gaps. For the gaps in those areas where you don t have the capacity or capability or budget or funding to address them internally, look to partner with other organizations that do have those types of domain expertise to be effective in that space. I always tell people, my team is staffed with people that are experts at endpoint security, incident response, and forensics. We don t know a whole lot about audit regulatory compliance, but our sweet spot is in that incident response and incident handling. Every organization should understand what your team is good at and where your deficiencies are, and then seek to partner with others. 3 Top Cybersecurity Issues FIELD: To summarize, what would you say are the three most important things an SMB should know and understand about cybersecurity? MURPHY: Most importantly, the first is understanding that security is not a state; it s a process. It s a really important concept that it should be always evolving, and that it involves action of people on your team, not simply on setting controls and technology. Secondly no controls can be effective and no technology can be properly implemented without a proper inventory the concept of really taking inventory not only of assets, but of process controls and applications and really defining what the landscape looks like within your organization. Then last is to look to partner with organizations that have domain expertise in areas where you re seeking to shore up after you ve done that inventory. Once you ve identified where your gaps are, partner with organizations that can effectively help you close those gaps. Cybersecurity for the SMB 5

About ISMG Information Security Media Group (ISMG) is the world s largest media organization devoted solely to information security and risk management. Each of our 28 media properties provides education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Our annual global Summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges. Contact (800) 944-0401 sales@ismg.io 902 Carnegie Center Princeton, NJ 08540 www.ismg.io

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback