Cyber Security Updates and Trends Affecting the Real Estate Industry

Similar documents
Cyber-Threats and Countermeasures in Financial Sector

CACUBO Higher Education Accounting Workshop Top 10 Cyber Security Issues for Higher Education Business Managers. May 2017

PEOPLE CENTRIC SECURITY THE NEW

2017 Annual Meeting of Members and Board of Directors Meeting

Cyber Insurance: What is your bank doing to manage risk? presented by

Personal Cybersecurity

The Cyber War on Small Business

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

Governance Ideas Exchange

Securing Office 365 with SecureCloud

Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

Oracle Security Products and Their Relationship to EBS. Presented By: Christopher Carriero

June 2 nd, 2016 Security Awareness

Security Readiness Assessment

Cyber Security Risk Management and Identity Theft

ANATOMY OF AN ATTACK!

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Security & Phishing

Why you MUST protect your customer data

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Reviewing the 2017 Verizon DBIR

WHITE PAPER. Vericlave The Kemuri Water Company Hack

Cybersecurity The Evolving Landscape

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

How Cyber-Criminals Steal and Profit from your Data

Microsoft Finland. Microsoft in Finland is a strong millennial, born ,000+ partners generating 8 $ revenue per each $ by MSFT

Cloud Security Myths Paul Mazzucco, Chief Security Officer

Best Practices in Securing a Multicloud World

Too Little Too Late: Top Reasons Why You Got Hacked

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Recommendations for Implementing an Information Security Framework for Life Science Organizations

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

DeMystifying Data Breaches and Information Security Compliance

Protecting your next investment: The importance of cybersecurity due diligence

Information Security Is a Business

ID Theft and Data Breach Mitigation

Cybersecurity and Nonprofit

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

Have breaches declined since the massive Heartland Payments leak in 2008? What proportion of breaches are the result of hacking?

10 FOCUS AREAS FOR BREACH PREVENTION

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Challenges and. Opportunities. MSPs are Facing in Security

with Advanced Protection

Defensible and Beyond

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Who We Are! Natalie Timpone

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

New Jersey Association of School Business Officials Information Security K-12. June 5, 2014

ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW

Data Lakes & Leaks Erno Doorenspleet. IBM Security

Altitude Software. Data Protection Heading 2018

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

Security Breaches: How to Prepare and Respond

Cybersecurity in Higher Ed

Cyber Fraud What can you do about it?

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Employee Privacy in the Electronic Workplace

2018 Edition. Security and Compliance for Office 365

Hacking and Cyber Espionage

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts

Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence

How NOT To Get Hacked

Healthcare HIPAA and Cybersecurity Update

Verizon Software Defined Perimeter (SDP).

Compliance Audit Readiness. Bob Kral Tenable Network Security

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

Cybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY

Microsoft 365 Security & Compliance For Small- and Mid-Sized Businesses

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Data Protection in Practice

Next Generation Authentication

REPORT. proofpoint.com

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Building a Resilient Security Posture for Effective Breach Prevention

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Easy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Securing the SMB Cloud Generation

mhealth SECURITY: STATS AND SOLUTIONS

Transcription:

Cyber Security Updates and Trends Affecting the Real Estate Industry

What, Why, and How? Agenda Cyber Security Today Changes to Security Standards and Trends Protecting Yourself and Your Organization Takeways 2

Introductions David Hendrickson Cyber Security Manager Micah Wenz IT Risk Services Manager 3

Cyber Security Today The Why 4

5

Cyber Attacks Path of Attack Services in the Cloud i Employees Web App Firewall Remote Access Customers / Clients 3 rd Parties 6

Cyber Attacks Anatomy of a Breach Discovery Capture Web App Firewall Remote Access Internal Attacks Exfiltration 9

Breach Snapshot Malicious Actors in a Breach Organized Criminal Groups 51% Involved Partners Multiple Parties 2% 3% State-Affiliated Actors Internal Actors 18% 25% Outsiders 75% 0% 10% 20% 30% 40% 50% 60% 70% 80% Verizon Enterprise 2017 Data Breach Investigations Report (4/27/2017) 8

Breach Snapshot Tactics Used in a Breach Physical Actions Privilege Misuse Errors 8% 14% 14% Social Attacks 43% Stolen/Weak Passwords 81% Malware 51% Hacking 62% 0% 20% 40% 60% 80% 100% Verizon Enterprise 2017 Data Breach Investigations Report (4/27/2017) 9

Big 3 Issues Now Security Hygiene Assess Third Parties Operate Design Implement People 10

High Profile Breaches from the Big 3 Fraud & Extortion Intelligence Gathering Massively Successful 11

And of course. Equifax data breach affects 143 million consumers Handling of breach called a dumpster fire Stock is already down 36% from high Separate breach in March was just disclosed Lawsuits are on the way This will likely be the most costly breach in U.S. history 12

Changes to Security Standards and Trends Part of the How 13

General Information Discussion: Why this matters to your business Every major standard update is now including: Supply Chain Security Emphasis/Focus on Multi-Factor Authentication Standards changes are migrating from: U.S. Government Critical Infrastructure Highly Regulated All organizations 14

Real Estate Concerns and Considerations 15

The Real Estate Industry is a Current Target Primary Target: $$ Re-directing payments Fake bills and invoices Theft of Tenant financial information Secondary Targets: Personal Information Sensitive/Confidential Information Control of Systems and Devices Access to Additional Locations 16

Example FBI Reports: $19 Million diverted from real estate purchases in 2016 using email (phishing) techniques As of Jan 2017, one Memphis real estate company had lost at least $2.2 Million and was targeted on a daily basis for additional fraud. Targets of the Attacks Include: 17 Real Estate Agents Real Estate Companies Closing and Title Companies Tenants

Understand Your Current Exposure Assessing Security and Risk 18

Risk and Security Assessments Understand the current posture Prepare the environment Consider the following assessments: Enterprise Risk Assessment IT/Cyber Risk Assessment Data Classification Compliance (as needed) Technical Assessments Readiness Assessments 19

Understand Our Environment Data Flow Our Environment File Storage Service Provider On Premise Systems Service Provider Email and Workflow Service Provider Portals & Documents Direct management Third Party Management 33

Understand Our Environment Risk 34

Design Better Security Resources & Capabilities People Process Technology Assess Drivers & Requirements Confidentiality Integrity Availability Cyber Security Program 35

Basic Cybersecurity No need to be a technical guru to be able to implement basic cybersecurity practice. Topics to be knowledgeable on: Phishing emails USB practices Internet browsing Password security 23

Phishing Emails 24

Phishing Emails 25

USB Good Practice USB devices can be utilized to migrate malware onto the target computer. Do not accept or use USBs from strangers. Disable USB ports on computers. 26

Internet Browsing Beware URLs and links that contain typos. HTTP vs HTTPS http://bit.ly/ifhzvo 27

Password Security Do not reuse passwords across websites. Use a combination of letters, symbols, and numbers in your password. The longer the password, the more difficult it is for a hacker to crack it. Don t store passwords in plain text files or on your desk. Encrypted, centralized location for passwords. 28

What we can do People Training DON T CLICK! Culture Reporting & Response Technical Controls designed in to the process Internal Controls use your people & processes 29 I may have clicked on something. Use the capabilities included in your technology. Processes designed to support proper controls and approvals.

Key Takeaways & Action Items Get Started! Perform initial cyber risk assessment Define what is important and why Define how you want to proceed Design and Build Your Program Perform ongoing assessments to support needs 30

Questions? 31

Contact Information RubinBrown Denver office 303.698.1883 David Hendrickson 720.709.5604 David.Hendrickson@rubinbrown.com Micah Wenz 303.952.1215 Micah.Wenz@rubinbrown.com 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback