Too Little Too Late: Top Reasons Why You Got Hacked


Tuesday, May 23, 2017, 2:00-3:15 PM
Too Little Too Late: Top Reasons Why You Got Hacked

Moderator:
- John Gross, Director of Financial Management, City of Long Beach, CA

Speakers:
- Chad Alvarado, Supervisory Special Agent, Denver FBI Cyber Task Force
- Robert Miller, Manager - Corporate Security, Sierra-Cedar, Inc.

#GFOA2017

SSA Chad Alvarado, Denver Field Office, May 23, 2017

Agenda (UNCLASSIFIED)
- A brief overview of the FBI mission and structure, and its role in cybercrime
- Current trends, including common criminal schemes and national security threats
- When to report an incident, how to report and what to expect from law enforcement
- Review of best practices and overview of benefits of partnerships with FBI

Denver FBI Cyber Task Force

Agenda
- About Me
- What are the latest trends
- Denial of Service
- Privilege Misuse
- Crimeware / Ransomware
- Takeaways

About Me

Robert Miller

Sierra-Cedar, Inc.
- One of the largest independent North American IT services companies
- Provider of PeopleSoft hosting services with over 50 hosted clients including State of Kansas, Ramsey County in Minnesota, City of Milwaukee, Harvard University, and Arizona State University
- Currently supports more than 700 PeopleSoft, Hyperion, and E-Business Suite environments

- I am currently the Corporate Security Manager and support security and compliance activities for both US and overseas operations
- Over 12 years' experience working in the Information Security industry
- Manage a 7-person multinational team from the US, Canada, and India
- CISSP, GIAC GCFA, Carbon Black's Response Analyst, and Guidance Software's EnCE

Latest trends - 2017 Verizon DBIR

Denial of Service

- Two types:
  - Distributed Denial of Service (DDoS)
  - Telephone Denial of Service (TDoS)
- 98% targeted at larger organizations
- Normally only last a couple of days

Detection and Prevention
- Does your Network team have alerts set up to identify a DDoS/TDoS?
- Do the firewalls block packets based on rate limits?
- How much traffic can your network handle before it's impacted?
- Do your current devices (i.e. firewalls, IDS/IPS, load balancers, etc.) provide any protection?
- Do you have an agreement in place with a vendor in the event your company is impacted?
  - Weigh the cost of having a solution in place vs acquiring one when under attack

Privilege Misuse

- Threat actors
  - 81.6% - Internal
  - 8.3% - Collusion
  - 7.2% - External
  - 2.9% - Partner
- Why?
  - Money
  - Snooping
  - Insider trading
  - Starting new company / new job
- Detection can take years

Detection and Prevention
- Limit account access
- Confirm logging is enabled to identify this activity
- Configure alerts to be triggered for activity out of the ordinary
  - Surge in emails to personal accounts with attachments
  - Large transfer of files to external devices (USB)
- Enable two-factor
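
One way to implement the "surge in emails to personal accounts with attachments" alert listed above, as an added example that is not from the original slides. The mail-gateway log format, the personal-domain list, and the thresholds are assumptions to tune for your environment.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Assumed list of personal webmail domains; extend for your environment.
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Constructed sample log (date,sender,recipient,attachment_bytes); not real data.
SAMPLE_LOG = "\n".join(
    ["2017-05-15,alice@corp.example,alice.home@gmail.com,1200",
     "2017-05-16,alice@corp.example,alice.home@gmail.com,900",
     "2017-05-16,bob@corp.example,vendor@partner.example,50000",
     "2017-05-17,alice@corp.example,alice.home@gmail.com,0"]
    + ["2017-05-18,alice@corp.example,alice.home@gmail.com,%d" % (10**6 + i)
       for i in range(8)]
)

def daily_personal_sends(log_text):
    """Count attachment-bearing mails to personal domains per sender per day."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, sender, rcpt, size in csv.reader(io.StringIO(log_text)):
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if int(size) > 0 and domain in PERSONAL_DOMAINS:
            counts[sender.lower()][day] += 1
    return counts

def find_surges(log_text, factor=3, floor=5):
    """Flag days where a sender reaches `floor` mails and exceeds `factor`
    times their own median over earlier active days. Days with no matching
    mail are not in the baseline, so quiet senders look busier than they are."""
    alerts = []
    for sender, per_day in daily_personal_sends(log_text).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            baseline = median(per_day[d] for d in days[:i]) if i else 0
            if per_day[day] >= floor and per_day[day] > factor * baseline:
                alerts.append((sender, day, per_day[day], baseline))
    return alerts

if __name__ == "__main__":
    for sender, day, count, baseline in find_surges(SAMPLE_LOG):
        print(f"ALERT {day} {sender}: {count} mails with attachments "
              f"to personal accounts (baseline {baseline})")
```

A sender with no history is flagged on the first day they reach the floor, which is the intended behaviour for accounts that have never mailed personal addresses before.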

Crimeware / Ransomware

What is it?
- Ransomware is a type of malicious software, or malware, which encrypts the data on a computer to prevent it from being accessed until a ransom is paid.
  - Typically paid in Bitcoins
- Most commonly spread through:
  - spam emails
  - targeted phishing attacks
  - drive-by downloads
  - malware already on your computer
- Most common on Windows workstations
- Servers are affected indirectly when a user on their workstation has mapped drives or has an automated process to copy files from their machine to a server.

How does it work?
1. Cybercriminal sends spam email with malicious document
2. User receives spam email with malicious attachment and opens it
3. Attachment is downloader malware that connects to URLs hosting the crypto-ransomware
4. The crypto-ransomware is downloaded onto the computer
5. Files in the affected computer are encrypted
6. A ransom message is displayed, stating the deadline and amount
7. Victims must use Tor browser to pay using Bitcoins

Ransomware on the rise

99% sent by either email or web server

Takeaways

What You Can Do
- Educate users
  - Is your organization performing social engineering exercises on a regular basis?
  - Does your security program require employees to attend and/or watch security awareness videos?
- Network defenses
  - Is your Network team auditing the firewall rules on a consistent basis?
  - Is your network segmented?
  - Are you performing penetration tests against your network?
  - Are you performing vulnerability scans on a regular basis?
  - Is your IDS/IPS appliance configured to automatically block attacks?
  - Is your Security team monitoring IDS/IPS alerts and taking action?

Continued
- Administration rights
  - Limit local admin rights on workstations
  - Restrict write permissions on file servers where applicable
  - Has your organization disabled macro-enabled Office documents?
  - Enable two-factor
- Email
  - Review current email filtering rules
  - Is your organization blocking and/or inspecting executables at the mail gateway?
- Software patching
  - What is your patch cycle?
  - How does your organization handle newly released critical vulnerabilities?

Continued
- Application whitelisting
  - Do you have a software application that will prevent unwanted applications from running?
- Logging
  - Do you have a SIEM that correlates all of your logs?

Further Reading and Resources
- Verizon's yearly analysis of global security incidents: http://www.verizonenterprise.com/verizon-insightslab/dbir/2017/