Defending Our Digital Density.

Similar documents
2017 Annual Meeting of Members and Board of Directors Meeting

Cybersecurity and Nonprofit

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity Survey Results

The Impact of Cybersecurity, Data Privacy and Social Media

mhealth SECURITY: STATS AND SOLUTIONS

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

ISACA West Florida Chapter - Cybersecurity Event

Cyber Risks in the Boardroom Conference

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Statement for the Record

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

New Zealand National Cyber Security Centre Incident Summary

Cybersecurity Overview

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

(U) Cyber Threats to the Homeland

Cybersecurity and Hospitals: A Board Perspective

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Securing Industrial Control Systems

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Cybersecurity Fundamentals Paul Jones CIO Clerk & Comptroller Palm Beach County CISSP, ITIL Expert, Security+, Project+

ACM Retreat - Today s Topics:

Personal Cybersecurity

Cyber Security Stress Test SUMMARY REPORT

The Cyber War on Small Business

OA Cyber Security Plan FY 2018 (Abridged)

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

SFC strengthens internet trading regulatory controls

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Cyber Security Risk Management and Identity Theft

Cybersecurity in Higher Ed

Testimony. of the. American Hospital Association. before the. Subcommittee on Intergovernmental Affairs. of the

Cyber Threat Landscape April 2013

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Service Provider View of Cyber Security. July 2017

2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly

Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center

Business continuity management and cyber resiliency

Monthly Cyber Threat Briefing

What It Takes to be a CISO in 2017

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Cybersecurity in Government

Protecting your next investment: The importance of cybersecurity due diligence

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

The Office of Infrastructure Protection

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Security Breaches: How to Prepare and Respond

Cybersecurity: Federalism as Defense-in-Depth

Cyber security tips and self-assessment for business

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Cyber (In)Security. What Business Leaders Need To Know. Roy Luebke Innovation and Growth Consultant. Presented by:

Emerging Issues: Cybersecurity. Directors College 2015

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Are you safe? Your business growth strategies are at the heart of the cyber risks your organization faces

Must Have Items for Your Cybersecurity or IT Budget in 2018

The New Era of Cognitive Security

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Opening Doors to Cyber and Homeland Security Careers

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Convegno Sezione Automazione ANIMP

Cyber Security Issues

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Governance Ideas Exchange

Defensible Security DefSec 101

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Cyber Resilience. Think18. Felicity March IBM Corporation

Adversary Playbooks. An Approach to Disrupting Malicious Actors and Activity

2017 SPRING INTERNSHIP PROGRAM OPPORTUNITY

This Webcast Will Begin Shortly

2017 U.S. State of Cybercrime.

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

Jeff Wilbur VP Marketing Iconix

Security Survey Executive Summary October 2008

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

CYBER SOLUTIONS & THREAT INTELLIGENCE

Cybersecurity 2016 Survey Summary Report of Survey Results

The Cost of Denial-of-Services Attacks

U.S. State of Cybercrime

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

A practical guide to IT security

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Bad Idea: Creating a U.S. Department of Cybersecurity

Lessons Learned from 4,000 Security Assessments. Sadik Al-Abdulla Security Practice Director, CDW

Transcription:

New Jersey Cybersecurity & Communications Integration Cell Defending Our Digital Density. @NJCybersecurity www.cyber.nj.gov NJCCIC@cyber.nj.gov The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) is known as the Division of Cybersecurity of the New Jersey Office of Homeland Security and Preparedness (NJOHSP). NJOHSP helps to direct prevention, detection, protection, response, and recovery planning, not only at the State level, but also at the regional and national levels with our varied partners. NJOHSP is led by Director Jared Maples and comprised of four Divisions: Intelligence, Policy and Planning, Cybersecurity, and Administration.

GOV. PHIL MURPHY LT. GOV. SHEILA OLIVER DIR. JARED MAPLES NJCCIC NJ Cybersecurity & Communications Integration Cell The State s one-stop shop for cybersecurity Information Technology Homeland Security Law Enforcement Protect our State Agencies Facilitate the adoption of best practices Promote statewide awareness of the threat landscape Objectives Reduce Cyber Risk Information contained in this document is and may be distributed without restriction.

Organization Governance Risk and Compliance SECOPS Cyber Threat Intelligence & Analysis Partnerships Information contained in this document is and may be distributed without restriction.

ROIC s Mission Information contained in this document is and may be distributed without restriction.

Tactics NJCCIC: Training & Awareness Policies & Protocols Hardware & Software Information contained in this document is and may be distributed without restriction.

Threat Landscape Iran Espionage Critical Infrastructure China ICS SCADA Russia Romania Manipulative North Korea Data Breaches Darknets Fraud Black Market SSNs Profit-motive Identity Theft Insurance Fraud PII Anti-Government Anti-Police Ideology Crime Doxing Vandalism Nation-state Cyber Warfare Lifeline sectors Advanced Persistent Threats Hacktivism Terrorism Physical Damage Sabotage Pro-ISIS Intrusions Subversion Public Health Politically Motivated Ideology Denial of Service Retribution Website Defacements Network Exploitation Information contained in this document is and may be distributed without restriction.

2017 KPMG s (Sector) Cyber Survey 43% of respondents have not increased cybersecurity budget despite knowledge of high-profile breaches Over half of respondents have seen an employee fall victim to a phishing scam & approximately one third have seen theft from a secured database by internal bad actor 87% of organizations can identify a cyber-event but only 59% can manage risk proactively ~36% of organizations do not have a CISO Information contained in this document is and may be distributed without restriction.

Ponemon Institute: 2017 Cost of Data Breach Key Findings: US average total cost of data breach = $7.35M 47% of breaches caused by malicious attacks On average, it took organizations 206 days to identify a breach Healthcare breach avg. cost per record = $380 (industry average = $225) Image Source: Ponemon Ins0tute Information contained in this document is and may be distributed without restriction.

Cyber Event Threats: The Rearview Mirror Information contained in this document is and may be distributed without restriction.

Municipal Govt. Threat The Rearview Mirror Citizen Data Theft Service Interruptions Ransomware Information contained in this document is and may be distributed without restriction.

Colorado DOT for State of CO hit with Ransomware Multiple times Over 2,000 Systems affected National Response Information contained in this document is and may be distributed without restriction.

2017: Municipal Ransomware - NJ NJCCIC received 31 Reports of Ransomware within NJ last year. 6 were NJ Police Departments. Actual number of Local PD s was over 17. NJCCIC Analysts were able to de-crypt and restore about 30-40% at no cost to the victim. Information contained in this document is and may be distributed without restriction.

The Road Ahead Threats / Trends: Data Theft Will Persist Expanding Extortion Tactics Mobile Device Vectors Data Manipulation Information contained in this document is and may be distributed without restriction.

Best Practices People are the first line of defense TECH PROCESS PEOPLE but most often the weakest link. Information contained in this document is and may be distributed without restriction.

Best Practices Proactive Measures to Reduce Risk: People All members of an organization (e.g. Municipal Government), including the Mayor, Council, Township s senior management, part-time, and contracted workers, must be educated and trained on best practices. Visibility & Discussion procedures, posters, newsletters, reminders. Users should understand how and why they need to follow certain guidelines, not just what they need to do. Users should be held accountable for repeated offenses. Organizations should use examples of security violations and incidents to increase awareness. Information contained in this document is and may be distributed without restriction.

Best Practices Proactive Measures to Reduce Risk Processes Policies & procedures should be documented, reviewed, & consented to by all employees, such as an incident response plan, data retention & intellectual property policy, bring your own device policy, & social media policy. Define a process to ensure updates and patches are deployed to all operating systems, software, browsers, plugins, and mobile devices as soon as possible. Implement two-factor authentication (2FA) on all applicable software or services, as well as a password policy with an eight to ten character minimum, standard complexity requirements, and mandatory reset schedule. Ensure all critical data is backed up as necessary and backups are stored offline in a secure location, and tested regularly. Information contained in this document is and may be distributed without restriction.

Best Practices Proactive Measures to Reduce Risk Technology Conduct regular asset inventories to identify all devices and systems that comprise your network, followed by vulnerability assessments to identify security gaps Implement end-to-end encryption and/or tokenization on any systems that collect, store, or transmit personally identifiable information (PII), protected health information (PHI), or financial data. Disable or uninstall any software, features, functions, or network ports not essential to business operations. Information contained in this document is and may be distributed without restriction.

NJCCIC Services Weekly Bulletin à Bi-Weekly Presentations and Training Threat analysis Blogs Threat profiles Threat Indicator Sharing Information contained in this document is and may be distributed without restriction.

Our Analytic Products Information contained in this document is and may be distributed without restriction.

A Plug: MS-ISAC www.cisecurity.org/ms-isac Information contained in this document is and may be distributed without restriction.

Contact NJCCIC@cyber.nj.gov 609-963-6900 x 7865 JOIN!!! @NJCybersecurity @NJCybersecurity cyber.nj.gov Information contained in this document is and may be distributed without restriction.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback