Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv...
Transcript of Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv...
![Page 1: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/1.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
Cybersecurity for Municipalities
2017 AUMA Convention
![Page 2: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/2.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
2
Agenda
Introductions
Cybersecurity Landscape
Current & Emerging Risks
Reducing Risk
Wrap-Up
![Page 3: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/3.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
3
Senior Client Solutions Architect Optiv Security
• Over 20 years of experience• Wide variety of industries• Diverse experience• Builder, problem solver
Chris Burchell
![Page 4: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/4.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
4
About Optiv
Largest pure-play cyber security solutions provider
Mission: Vision:Partner with organizations to help them plan, build and run successful cyber security programs.
To be the world’s most advanced, most comprehensive and most trusted partner for cyber security solutions.
Singular Focus: Cyber security
![Page 5: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/5.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
The CybersecurityLandscape
![Page 6: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/6.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
6
2017 Cybersecurity Headlines
Petya / NotPetya 199 Million Voter Records
and the list goes on…
WannaCryShadow Brokers
University of Calgary
MacEwanUniversity
![Page 7: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/7.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
7
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
![Page 8: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/8.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
8
Verizon Data Breach Investigations Report
•“It can’t happen to us…”
•“We’re all good…”
•“Sure my password is strong…”
•“We don’t need to do anything different…”
95% of phishing attacks followed by some sort of software installation
61% were businesses with less than 1,000 employees
73% were financially motivated
27% of breaches discovered by third parties
![Page 9: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/9.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
9
It can happen to you.
![Page 10: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/10.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
Challenges, Current and Emerging Threats
![Page 11: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/11.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
11
World wants to be more connected
Massive explosion/churn of infrastructure and data
Threat volume and sophistication growing exponentially every day
A Very Big Problem
Nearly every tactic can be defeated
There is no one-size-fits-all solution
It will never be done
Stakes are high and getting higher
Thousands of options and choices
Few have the know-how, awareness, resources or time to catch up or keep up
No silver bullet
Beginning of a perfect storm Every
organization needs help
![Page 12: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/12.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
12
Cyber Security Challenges
Customer data and intellectual property
Insider threats
Mobility
Compliance and regulations
Security awareness
Cloud infrastructure services
Evolving technology landscape
Third-party riskAdvanced threat
Internet of things (IoT)
Threat intelligence
Distributed denial of service
![Page 13: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/13.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
13
•Stolen or weak passwords•Good old-fashioned hacking•Malware / Ransomware (phishing)•Social engineering attacks
Current and Enduring Risks
![Page 14: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/14.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
14
•Cloud Security•IoT•Third Party Risk•Insider Threats
Emerging and Growing Risks
![Page 15: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/15.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
Reducing Risk
![Page 16: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/16.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
16
Reducing Risk – Overview
•Know what you’re dealing with
•Know your exposure
•Build a business-driven security program
•Prepare for the inevitable
![Page 17: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/17.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
17
Prevent and Mitigate
• Know your assets• Restrict traffic• Use multi-factor authentication• Limit administrative access• Log and monitor events
Respond and Investigate
• Use IR playbook• Proactive review• Change administrative passwords• Contain and eradicate threats• Engage legal and PR teams early
Reducing Risk – Know What You’re Dealing With
Do you know what you are trying to protect and how important it is?
![Page 18: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/18.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
18
![Page 19: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/19.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.
19
Prepare for the Inevitable
•Get executive buy-In
•Educate and raise awareness
•Have a plan (and rehearse it)
•Supplement / CYA
•Build internal capacity or partner with experts
![Page 20: Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved. 2 Agenda Introductions Cybersecurity Landscape. Current](https://reader034.fdocuments.in/reader034/viewer/2022042407/5f21d6e7e257072f3f56f523/html5/thumbnails/20.jpg)
Proprietary and Confidential. Do Not Distribute. © 2017 Optiv Inc. All Rights Reserved.