Cyber Security Risk Management and Identity Theft

2017 MD SHRM State Conference
Presented by Robert "Bob" Olsen, Chief Executive Officer, MS ITS, MBA, CISSP, CISM
October 16, 2017
This presentation may not be reproduced or distributed without prior written approval of COMPASS Cyber Security.

Agenda
- Cyber Security Threats Overview
- Practical Tips and Considerations
- Responding to Identity Theft

Common Misconceptions
- "We would never be targeted by a hacker."
- "My IT team is responsible for cyber security."
- "We do not need to train our employees on security awareness."
- "All our data is in the cloud, so we are no longer responsible for protecting it."
- "We have cyber liability insurance, so we are good."

2017 Verizon Data Breach Report

Threat Actors: External
- Script Kiddies: ego, victim embarrassment
- 3rd Party Application Vendor: financial gain, negligence
- Hacktivists: cause driven (religious, political, environmental)

Threat Actors: External (continued)
- Criminal Hacker: financial gain, extortion, high value client targets
- Nation State: blackmail, espionage, financial gain

Threat Actors: Internal
- Negligent Insider: lost mobile device, accesses sensitive data from a personal device
- 3rd Party Vendor: HVAC, security, janitorial, etc.
- Malicious Insider: disgruntled employee(s), bribed or blackmailed employee

Threats and Business Impacts
- Phishing: loss of data, brand damage
- BEC (business email compromise): transfer of $, brand damage
- Ransomware: loss of data and extortion, brand damage
- DDoS: loss of client access to portal, brand damage
- Stolen user credentials: unauthorized 3rd party access, brand damage

Threats and Risks Analysis

Phishing Example
Details the attacker used to make the message convincing:
- Nearly identical email address (JohnHill vs. JohnHilll)
- A place she had visited, found on Facebook
- Name of a local bank
- Home address, including phone number
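The JohnHill vs. JohnHilll case above is a lookalike-sender attack; the following added example (not from the presentation) shows one way a mail gateway or awareness tool could flag senders that are within a couple of edits of a known contact but do not match exactly. The contact list and addresses are constructed sample data.

```python
# Added example (not from the presentation): flag inbound sender addresses that are
# within a few edits of a known contact, as in the JohnHill vs. JohnHilll case.
# KNOWN_CONTACTS below is constructed sample data.

def levenshtein(a: str, b: str) -> int:
    """Edit distance between a and b (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_address(addr: str):
    """Lower-case an address and split it into (local part, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain


def lookalike_contacts(sender: str, known: list, max_distance: int = 2) -> list:
    """Return (known address, reason) pairs for contacts that the sender nearly
    matches. An exact match is the genuine contact and is not flagged; an address
    that differs by only a few characters in the local part or domain is."""
    s_local, s_domain = split_address(sender)
    hits = []
    for contact in known:
        k_local, k_domain = split_address(contact)
        d_local = levenshtein(s_local, k_local)
        d_domain = levenshtein(s_domain, k_domain)
        total = d_local + d_domain
        if 0 < total <= max_distance:
            hits.append((contact, f"{d_local} edit(s) in local part, {d_domain} in domain"))
    return hits


KNOWN_CONTACTS = ["johnhill@example.com", "payroll@example.com"]  # constructed

if __name__ == "__main__":
    for addr in ("JohnHilll@example.com", "johnhill@examp1e.com", "johnhill@example.com"):
        print(addr, "->", lookalike_contacts(addr, KNOWN_CONTACTS))
```

A flagged sender is a signal for a warning banner or a second-channel check with the real contact, not proof of fraud on its own.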

Threat/Controls Mapping Example

PEOPLE                 POLICY                     TECHNOLOGY
Culture of Security    Least Access Privileges    Email Filters
Awareness Training     Incident Response Plan     Firewall
Mock Phishing          BCP/DRP                    Network Segmentation
Role Based Access      Cyber Insurance            Patch Management
                       Data Governance            SIEM
                                                  IDS/IPS

Practical Tips: Policy
- Inventory and classify your data
  - Catalog and classify your data
  - Focus protection measures on the most sensitive data
- Perform annual policy reviews, covering:
  - Organization changes
  - Emerging/new technology
  - Newly outsourced/insourced functions
- Policies should include all departments

Practical Tips: People
- People are the weakest link!
- Senior leadership support is critical; lead by example
- Regularly raise employee security awareness
  - Drip method: seminars, webinars, podcasts, security tips, etc.
- Create a culture of security and make it personal for everyone

Creating a Culture of Security
- Make it personal: "if this, then that" examples
- Tailor training to specific functions
  - Option 1: individual departments (HR, finance, legal) and the general population
  - Option 2: group high risk users (HR, finance, legal) and the general population
- Incorporate reminders into everyday activities

House Analogy: Technology

Your Residence            Your Organization
Locks on doors            Passwords, 2 factor authentication
Monitored alarm system    Firewall, antivirus, security monitoring
Signage                   Group policies
Safe for valuables        Network segmentation, encryption
Dog                       Firewall, intrusion detection system, network alarms
Video cameras             Security incident & event monitoring (SIEM)
Security guard(s)         Security consultants
Police activity reports   Threat intelligence

House Analogy: People & Policy

Your Residence                         Your Organization
Individual keys                        Password management; privileged access; access control policy
Alarm system code(s)                   Role based access; password management
Stranger danger awareness              Security awareness training
Check who is at door before opening    Role based access (guest/faculty); awareness training
Annual fire drill exercises            Phishing exercises, incident response plan

Practical Tips: Technology
- Technology should support and enforce your policies
- Layered defense is the most effective
- Ensure that you are regularly updating your network devices (laptops, firewalls, servers, etc.), operating systems and applications
- Understand the risks of your cloud provider(s)

Identity Theft
- PII and/or PHI used to create a false identity: employees, family members, clients
- Usage examples include credit cards, false tax returns, store loyalty programs, internal impersonation
- A combination of technical and social engineering tactics is being used

Identity Theft Fraud Statistics

Identity Theft: Top 10 States, 2015
1. Missouri
2. Connecticut
3. Florida
4. Maryland
5. Illinois
6. Michigan
7. Georgia
8. Texas
9. New Hampshire
10. California
Ranked based upon complaints per 100,000 residents. Source: Insurance Information Institute

Identity Theft Response Steps: https://www.identitytheft.gov

Summary
- Hackers are targeting all organizations that possess high value data
- Human resources professionals play a key role in cyber security
- A risk management approach is the most effective and practical one
- You must be proactive
- Cyber security is a team sport

Contact Information
Robert (Bob) Olsen, Chief Executive Officer
rolsen@compasscyber.com
410-340-3560
LinkedIn: @rolsen3
Twitter: @rlolsen3 and @compasscyber

Follow Us
https://www.linkedin.com/compasscyber
https://www.facebook.com/compasscyber
https://twitter.com/compasscyber
https://plus.google.com/+compasscybersecuritybaltimore
https://soundcloud.com/compasscyberguide
https://itunes.apple.com/us/podcast/the-cyberguide/

BALTIMORE: 250 S President Street, Suite 2300, Baltimore, MD 21202
WASHINGTON, DC: 701 8th Street NW, Suite 400, Washington, DC 20001