Post on 30-Sep-2020
CYBERSECURITY FOR DEFENSE CONTRACTORS: THREAT BRIEF
Hosted by:
North Carolina Military Business Center
North Carolina Defense Technology Transition Office
Businesses in AttendancePlease test your chat function and provide: company name,
your name, location, email address
AGENDA• Introductions and Welcome
• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)
• Presentation• Maria Thompson, Chief Risk Officer, North Carolina Department of Information
Technology• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of Staff
• Business Questions and Answers• Please type your questions in the chat function for review and response
• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center
UPCOMING TRAININGS: Introduction to Federal Contracting
(Sept 17)
Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)
Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)
Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)
DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)
UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental
Summit(October 21-22, Virtual)
All registration information is available online at www.ncmbc.us.
AGENDA• Introductions and Welcome
• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)
• Presentation• Maria Thompson, Chief Risk Officer, North Carolina Department of Information
Technology• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of Staff
• Business Questions and Answers• Please type your questions in the chat function for review and response
• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center
UPCOMING TRAININGS: Introduction to Federal Contracting
(Sept 17)
Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)
Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)
Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)
DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)
UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental
Summit(October 21-22, Virtual)
All registration information is available online at www.ncmbc.us.
AGENDA• Introductions and Welcome
• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)
• Presentation• Maria Thompson, Chief Risk Officer, North Carolina Department of Information
Technology• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of Staff
• Business Questions and Answers• Please type your questions in the chat function for review and response
• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center
UPCOMING TRAININGS: Introduction to Federal Contracting
(Sept 17)
Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)
Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)
Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)
DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)
UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental
Summit(October 21-22, Virtual)
All registration information is available online at www.ncmbc.us.
North Carolina Military Business Center Cyber Briefing
Maria S. ThompsonState Chief Risk Officer
Why are small businesses so appealing to hackers?
Source: IBM Report & Verizon Data Breach Report
BECAUSE:• 43% of SMBs Lack Any Type of Cybersecurity Defense Plans• One in Five SMBs Don’t Use Any Endpoint Security Protections• 60% of SMB Choose to Keep Their Heads in the Sand About Attack
& Breach Risks• 28% of the Breaches in 2019 Involved Small Business Victims• 85% of MSPs Report Ransomware as the Biggest Malware Threat
to SMBs in 2019• 63% of SMBs Report Experiencing a Data Breach in the Previous 12
Months• 22% of SMBs Switched to Remote Work Without a Cybersecurity
Threat Prevention Plan
Why are small businesses so appealing to hackers?
• 54% of small businesses think they’re too small for a cyber attack.• 25% of small businesses didn’t realize cyber attacks would cost them money.• 83% of small businesses haven’t put cash aside for dealing with a cyber attack.• 54% of small businesses don’t have a plan in place for reacting to cyber attacks.• 65% of small businesses have failed to act following a cyber security incident.• 50% of small and mid-sized businesses reported suffering at least one cyber attack
in the last year.• Small businesses spend an average of $955,429 to restore normal business in the
wake of successful attacks.• Just figuring out how a cyber attack happened could cost $15,000.• 40% of small businesses experienced eight or more hours of downtime due to a
cyber breach.• This downtime accounts for an average of $1.56 million in losses.
Attackers Focus – Key Findings
Source: 2020 Crowdstrike Services Cyber Frontlines Report
• Business disruption was the main attack objective• Credential dumping was the most frequent technique used• Dwell time increased from 85-95 days. The use of stronger countermeasures allow
them to stay hidden longer• Both Malware (49%) and malware-free (51%) intrusions were just about equal in use• Attackers are more deliberate and targeted in their efforts to automate Active Directory
reconnaissance.• Third-party compromises serve as a force multiplier for attacks • Attackers are targeting cloud infrastructure as a service (IaaS). Targeting of API keys is
increasing• Macs are now clearly in the crosshairs of the cyber fight. • Patching remains a problem• Many organizations fail to leverage the capabilities of the tools they already have
Attackers Focus – Key Findings
Source: 2020 Crowdstrike Services Cyber Frontlines Report
Attackers Focus – Key Findings
Source: 2020 Crowdstrike Services Cyber Frontlines Report
Attackers Focus – Key Mitigations
Source: 2020 Crowdstrike Services Cyber Frontlines Report
2019 NC Reported Ransomware Attacks
Date Affected Entity Ransomware VariantMar 2019 Orange County (hit 3 times in 6 yrs) Ryuk
Mar 2019 Pasquotank-Camden EMS Unknown
Mar, 2019 Robeson, NC Ryuk
Apr, 2019 City of Greenville RobinHood
Jul, 2019 Richmond Community College Ryuk
Aug 2019 Lincoln County Sheriffs Off/911 (X2) DopplePaymer
Sep 2019 Wildlife Commission DopplePaymer
Oct 2019 NC State Bar Neshta (dropper)
Oct 2019 Columbus Co School System (x17) Ryuk
Oct 2019 ABC Board (x21) Sodinokibi
Dec 2019 EBCI Sodinokibi (Insider Threat)
2020 NC Reported Ransomware AttacksDate Affected Entity Ransomware VariantFeb 2020 Duplin County RyukMar 2020 Durham County RyukMar 2020 City of Durham RyukMar 2020 Burke K-12 X (24) AKO Mar 2020 Alleghany K-12 PhobosMar 2020 City of Shelby RyukMar 2020 Mitchell K-12 SnatchMay 2020 Person County LockBitAug 2020 City of Rocky Mtn RYUKAug 2020 Haywood K-12 SuncyrptAug 2020 Piedmont Comm. College Matrix
2019 FBI IC3 Report – North Carolina
Source: 2019 Internet Crime Report
To Pay or Not to Pay
Source: Proofpoint -2020 State of Phish Report
Best Practices• Defense in Depth: Firewalls, antivirus, and endpoint detection/response
solutions• Network penetration testing• Cybersecurity audits• Computer use, device, and password policies• Access management and control policies and procedures• Email security solutions (such as anti-phishing solutions, spam filters,
email signing certificates [S/MIME certificates])• Employee cyber security awareness training and phishing simulations• Incident response and disaster recovery plans• Current data OFFLINE backups*** Cyber Insurance*** Virtual CISO
Question for you
Whole-of-State Cyber Approach• BitSight Monitoring of local county
infrastructure
• Pilot program for continuous monitoring of local county network traffic
• Development of Statewide Significant Cyber Incident Plan
• Establishment of statewide information sharing under HB 217
• 2-1-1 Cybercrime Hotline launched August 2020
Free ResourcesDHShttps://us-cert.cisa.gov/resources/smb
NISThttps://www.nist.gov/itl/smallbusinesscyber
FCChttps://www.fcc.gov/general/cybersecurity-small-business
SBAhttps://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats
FTChttps://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity
@NCDIT@BroadbandIO@ncicenter
NCDIT
NC Department of Information Technology
NC DIT
Let’s Connect!
it.nc.gov@NCDIT
AGENDA• Introductions and Welcome
• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)
• Presentation• Maria Thompson, Chief Risk Officer, North Carolina Department of Information
Technology• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of
Staff
• Business Questions and Answers• Please type your questions in the chat function for review and response
• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center
UPCOMING TRAININGS: Introduction to Federal Contracting
(Sept 17)
Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)
Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)
Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)
DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)
UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental
Summit(October 21-22, Virtual)
All registration information is available online at www.ncmbc.us.
There is no way it will happen to me…right?my personal 2020 story
“From U.S. businesses, to the federal government, to state and local governments, the United States is threatened by cyberattacks every day.” Daniel Coates, former Director of National Intelligence
America’s View of how DoD does Cyber Security
Threat intelligence states that DOD’s most critical defense missions are threatened on a regular basis by cyber-capable adversaries seeking to deny, disable and disrupt U.S. defense operations below the level of armed conflict
2018 – DoD received 3.2Bn emails13M contained viruses, malware, or phishing attempts
2015 – DoD targeted with 2 Gb DDoSToday - > 600 Gb daily
COVID-19 – Exponential increase in probing and VPN-related attacks
IoT and Networked devices create supplychain risk never before considered
Our View of how DoD does Cyber SecurityPersonal involvement in five DoD-level responses to critical vulnerabilities or attacks
- Controlled use of external media / USB- Focus on printer configuration- Supply Chain vulnerabilities- Greater visibility of remote access / phones
Cyber Security Maturity Model Certification (CMMC)Level 1 – Basic Cyber Hygiene (Access Control/Network Scan)Level 2 – Intermediate Cyber Hygiene (Establish Policy)Level 3 – Good Cyber Hygiene (Manage and Safeguard CUI)Level 4 – Proactive Cyber Hygiene (Review and Measure)Level 5 – Advanced Cyber Hygiene (APT)
Nobody questions the Sanitation Score in restaurants, but we won’t eat in one if it is lower than a 90
We are not at the End Daysbut we need to be careful
USCYBERCOM and the Service Cyber Commands are much more mature
Election Security is USCYBERCOM’s #1 Priority
Public – Private partnerships between USG and tech industry helpful
Low barrier to entry – Teenager in Tampa to Nation State in Asia
Attacks will increase in sophistication as we grow our automated capabilities to detect, remediate and comply
We must get it right all the time – the adversary only has to get it right once
Secure your Hardware
Encrypt and Backup Data
Invest in Cyber Security Insurance
Promote a Security-Focused Culture
Anti-Malware and Firewall Software
AGENDA• Introductions and Welcome
• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)
• Presentation• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of
Staff• Maria Thompson, Chief Risk Officer, North Carolina Department of Information
Technology
• Business Questions and Answers• Please type your questions in the chat function for review and response
• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center
UPCOMING TRAININGS: Introduction to Federal Contracting
(Sept 17)
Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)
Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)
Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)
DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)
UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental
Summit(October 21-22, Virtual)
All registration information is available online at www.ncmbc.us.