Anatomy of a Cyber Attack - IACCE… · Anatomy of a Cyber Attack A Reality Check for Business...
Helping you grow your business with
scalable IT services & solutions for today’s challenges & tomorrow’s vision.
© 2017 Peters & Associates, Inc. All rights reserved.
Anatomy of a Cyber Attack
A Reality Check for Business Decision Makers including Executives, Directors, and Owners.
Bruce Ward, Vice President of Business Strategy
Dr. Rachael Narel, Solution Strategist
Adam Gassensmith, Manager of Client Engagement
IT Security Solutions
Agenda
Changes Keep Changing
2005 2013
Breaches Keep Breaching
www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Common Misconceptions
“Cyber crime only happens to large companies like Chase, Target and Home Depot.”
31% - incidents of losses at organizations with <100 employees
61% - incidents of losses at organizations with <250 employees
Source: Symantec Internet Threat Report
Cloud Shift only Shifts
Looming Risk Offset
Above The Surface
Below The Surface
• Customer Breach Notification
• Technical Investigation
• Loss of Client Relationships
• Reputation / Brand
• Cost of Raising Capital
• Loss of Intellectual Property
• Impact on Operations
• Insurance
Sources: 2017 Reports: Ponemon and Deloitte
Information Security Is Complex & Dynamic
DATA
“A lot of moving parts”
Information Security Industry
Cyber Security Framework
Data Protection
People
Process
Technology
NIST CSF
Cyber Security Framework
Data Protection1
Significant Data
Creating a Culture of Security and Effective Training Programs
Rachael Narel
Solution Strategist
The security of systems is dependent on the people that use them. Effective institutional assessment of risks and implementation of secure practices rely on a shared understanding of the threats and challenges facing the institutions….
Lohrmann, 2014
Some Challenges….
• Time and budget for training
• Say one thing and do another
• Lack of buy-in
• Not organizationally mandated
• “I’m not a target” mindset
• History of failed programs
• Lack of communication or purpose
• Change is hard….
Organizational Culture
Edgar Schein
It starts at the top…
• The leadership team needs to support and promote a security culture
– Does the strategy support the realization of the goals? (Do people know the strategy?)
– Is the right structure in place?
– Do key business processes support the strategy?
– Do the outcomes and behaviors that are rewarded and recognized support the strategy?
– Does the current talent of the organization support the strategy?
Key Elements of a Security Culture
• Security belongs to everyone
• Overall awareness
• Rewards and recognition for those who do the right thing
• Creation of a security community
• Fun and engaging
• Continual learning and improvement
• Communication
Engage the entire system
Cyber Security Awareness PROGRAM
• Security training ≠ cyber awareness program
• Ongoing, continuous, communication, reinforcement
• Go beyond compliance and ‘check the box’ mindset
• Keep it simple!
Training IS important!
• Just one piece of the program
• Not a point in time event
• Relevant to the audience and consistent with the values and goals of the organization
• Influence behavior changes that deliver measurable results
Use a variety of approaches
Measure and share results
Simple Assessment
• Is there a security policy that is enforced across the entire organization?
• Do employees know the policy?
• What are the practices and technologies in place that can detect a breach?
• Do employees know what to do if they detect a security violation?
Sugar Rush: How to select an IT Managed Services and Cybersecurity Partner in a Crowded Marketplace
Adam Gassensmith – Manager of Client Engagement
Happy (belated) Halloween!
Partnering for Security
Average Salary of an IT Security Specialist
$120,000/year
Average Direct Cost of a Cyberattack on a Small Business
$9,000
The Cost of the Slow Burn
???
Choosing your Candy
Beware of Dum Dums
Avoid Kit Kat’s Rigidity
Peanut Butter and Chocolate – Better Together
Are you Asking the Right Questions?
• Who is your ideal customer?
• What do you see as the greatest security threat to our business?
• How can you uniquely support our business?
Table Stakes
• Security Expertise
• Certification
IACCE Participant Entitlements Greater Chicago Area
Lunch and Learn - on-site
Security Review in a Day - on-site
Non-Profit Pricing
Chamber Engagement 2016 …2017
The Right Mix Culture, Program, People, Process, and Technology
Successful Community Everyone Wins With The Right Cybersecurity Mix
Peters IL Chamber Program
• Connect
• Engage
• Measure
• Evaluate
Peters Community Programs 2017
• Participated in 100+ Events, Made 2000+ New Connections
• Chamber Cyber Security - 3 events and over 500 Participants
• 160 Cyber Community Businesses Educational Activities
• Results:
• Improved Awareness Inquiries For Education lots more to do…..
What Next – Chamber Challenge
Contact Tim O’Hara [email protected] to:
Set up your Community Awareness Program (CAP)
Learn About Microsoft Non-Profit Program
Chat about Risk
Knowledge is Power
www.peters.com/blog
www.peters.com/event