Copyright © 2017 No part of this presentation may be reproduced in any form without prior authorization.
Cybersecurity for Startups Workshop
Mike Johnson, Renier Chair/Director of Graduate Studies, Security Technologies
Technological Leadership Institute, The University of Minnesota
March 6th, 2018
Mike Johnson, Director of Graduate Studies & Honeywell/James J. Renier Chair
• Master of Science in Security Technologies (MSST) Director of Graduate Studies and Senior Fellow, UMN Technological Leadership Institute
• Honeywell James J. Renier endowed chair in Security Technologies
• TLI Faculty – Cyber Security and Cyber Risk Management
• 26+ years security and risk management experience
• Chief Information Security Officer/Operations Risk Director – Bremer Bank
• IT Director & Compliance Officer – Dean Financial Services
• FDIC Bank Examiner
• MSST Class of 2011
Threats to Your Organization
“There are two kinds of companies, those that have been hacked and those that don’t know they’ve been hacked.” – John Chambers, former CEO of Cisco (and others)
Average cost for an SMB to clean up after their businesses have been hacked: [figure illegible] for small and over $1 million for mid-sized business. (Ponemon Institute)
[figure illegible] were against small businesses with less than 250 workers (Symantec)
Sobering Cyber Statistics
• Over 50% of organizations faced public scrutiny after a breach [1]
• 22% of breached organizations lost customers; 40% lost more than one-fifth of their customer base [1]
• 29% of organizations lost revenue; 38% of those lost more than one-fifth [1]
• Over 4.8 billion personal data records exposed in 2016 [4]
• Every third website visitor on the internet is a bad bot [3]
• 27% of employee-introduced cloud apps were high-risk [1]
• In 2016 the world connected 5.5 million new things to the internet daily, and 8.4B devices were in use in 2017, according to Gartner
• Phishing grew 250% in 2016 [2]; spam is now 2/3 of all email [1]
• 58% of breaches caused by internal incidents or with a business partner’s organization (Forrester Research)
Sources: 1 – Cisco 2017 Cybersecurity Report; 2 – Anti-Phishing Working Group; 3 – Imperva 2016 Bot Traffic Report; 4 – Privacy Rights Clearinghouse
And Vulnerabilities
Sources: Risk Based Security VulnDB; 2018 Annual Cybersecurity Report
https://pages.riskbasedsecurity.com/hub[illegible]bility%20QuickView%20Report.pdf
Cyber Rated a Top Global Economic Risk
2017 World Economic Forum Global Report
Attacker Motivations
Motivations Behind Attacks, December 2017 (hackmageddon.com)
• Cyber Crime
• Cyber Espionage
• Hacktivism
• Cyber Warfare
Source: https://www.hackmageddon.com/2018/01/04/december-2017-cyber-attacks-statistics/
Shifting Attacker Goals
September 2017 vs. December 2017 (Imperva.com; 2018 Annual Cybersecurity Report)
Source: https://www.imperva.com/blog/2018/02/new-research-crypto-mining-drives-almost-90-remote-code-execution-attacks/
[Screenshot of a ransomware note: “What Happened to My Computer? Your important files are encrypted… Can I Recover My Files?… How Do I Pay? Payment is accepted in Bitcoin only… Send $300 worth of bitcoin to this address: …” with “Check Payment” and “Decrypt” buttons]
Ransomware, An Equal Opportunity Menace
• 638 million attacks in 2016 (167 times more than 2015)
• $5 billion in ransom & impact estimated globally in 2017
• Criminals adapting their services
• Social engineering – calling a school to obtain teacher emails
• Getting creative with distribution – infect your friends and get your files decrypted for free
• Learning business processes – sending “resume” attachments to the HR department
• Ransomware as a service – for 30% commission
• Other criminal outsourcing, from infection to help desk
• $400 point-and-click ransomware systems
Source: CSO.COM
Ransomware, An Equal Opportunity Menace
• Hollywood Presbyterian Hospital – offline more than a week, required redirecting patients – paid $17,000 in Bitcoin to restore files (and it worked, this time…)
• WannaCry – a year after Hollywood Presbyterian, UK NHS dramatically impacted by ransomware – allegedly sourced from stolen NSA hacking tools
• NotPetya – masking attacker’s real motives? No decryption keys – targeting Ukraine entities – impacted many others: Maersk, Merck, Deutsche Post
Ransomware Rewind – Received by a Pizza [illegible] in the mail
Fraud and Cyber Crime
• Anybody with an account
• Send or receive payments
• Business Email Compromise knows no boundaries
• Email takeover resulting in unauthorized payments
• $3B losses since 2013 – 22,000+ victims
• 1,300% increase since 2015
Fraud and Cyber Crime
• Use social media and published information to identify targets and key players
• Figure out process and possible partners
• Take over or spoof email addresses
• Urgent directive from senior management
• Spear phishing/whaling
• Your clients and employees could be targeted directly by data thieves as well
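The spoofed-address and urgent-directive pattern on this slide can be screened for on the receiving side before a message reaches the person who pays invoices. The Python script below is an added example and is not part of the workshop material; the company domain, the executive names and the three sample messages are constructed for illustration. It flags a message when the display name matches a known executive but the address does not, when the sender domain is a near-miss of the company domain, when Reply-To points somewhere else, or when the subject leans on pressure language.

```python
"""Receiving-side screen for lookalike-sender / urgent-directive email (added example)."""
import re
from email.utils import parseaddr

# Constructed values for this example, not from the workshop.
INTERNAL_DOMAIN = "example-startup.com"
EXECUTIVES = {                       # normalized display name -> the executive's real address
    "jane doe": "jane.doe@example-startup.com",
    "tom lee": "tom.lee@example-startup.com",
}
PRESSURE_WORDS = ("urgent", "immediately", "asap", "wire", "confidential")


def normalize_name(display):
    """Lower-case a display name and drop punctuation so 'Jane DOE.' and 'jane doe' compare equal."""
    return re.sub(r"[^a-z ]", "", display.lower()).strip()


def edit_distance(a, b):
    """Levenshtein distance; used to spot domains one or two keystrokes away from ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike_domain(candidate, legit=INTERNAL_DOMAIN):
    """True for a domain that is not ours but differs from ours by at most two edits."""
    return candidate != legit and edit_distance(candidate, legit) <= 2


def screen_message(headers):
    """Return the list of reasons a message looks like a BEC lure; an empty list means no finding."""
    findings = []
    display, addr = parseaddr(headers.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    name = normalize_name(display)
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        findings.append(f"display name '{display}' matches an executive but the address is {addr}")
    if domain and is_lookalike_domain(domain):
        findings.append(f"sender domain {domain} is a lookalike of {INTERNAL_DOMAIN}")
    reply_to = parseaddr(headers.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != addr:
        findings.append(f"Reply-To {reply_to} differs from the From address")
    subject = headers.get("Subject", "").lower()
    hits = [w for w in PRESSURE_WORDS if w in subject]
    if hits:
        findings.append(f"subject uses pressure language: {', '.join(hits)}")
    return findings


# Constructed sample headers: one legitimate internal message and two lures.
LEGIT = {"From": "Jane Doe <jane.doe@example-startup.com>", "Subject": "Lunch on Thursday?"}
LURE_FREEMAIL = {"From": "Jane Doe <jane.doe.ceo@gmail.com>",
                 "Subject": "Urgent: wire transfer needed before noon"}
LURE_LOOKALIKE = {"From": "Tom Lee <tom.lee@example-startup.co>",
                  "Reply-To": "cfo-desk@mail-relay.example",
                  "Subject": "Please handle this immediately"}

if __name__ == "__main__":
    for label, msg in (("legit", LEGIT), ("freemail", LURE_FREEMAIL), ("lookalike", LURE_LOOKALIKE)):
        print(label, screen_message(msg) or "no finding")
```

None of these checks is proof of fraud on its own; the point of returning a list of reasons is that a message collecting two or more of them can be routed to a human, or held until the request is confirmed over a channel the sender did not choose.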
Another Look at Phishing
From a recent survey and test of computer email users:
• Over 68% of respondents were tricked by emails that looked like they were from a coworker.
• Messages from social media companies with the phrase, “Did you see this pic of you, LOL” fooled nearly 61% of participants.
• Fewer than 3% of respondents fell for an email claiming they won a big cash prize from a soft drink company.
Security Awareness Training is still critical, but can’t be the only control
Source: CSO.COM
[Screenshot of an example phishing email: “…schedule for our meeting tomorrow…”]
We aren’t a bank or a hospital, so our data is worthless, or “We’re too small”
• Intellectual property – your ideas and products – business plans and strategy
• Payment/transaction and other data – customers & suppliers
• Do you have employees? – employee bank account and health information – information is monetized on the Dark Web marketplace
• Computing systems/hardware
• Do you have accounts at financial institutions?
Value of Email Account (KrebsOnSecurity.com; diagram with “Hacked Email” at the center)
• Privacy – your messages, calendar; your Google/Skype chats; your photos; call records (+mobile acct); your location (+mobile/iTunes)
• Retail Resale – Facebook, Twitter, Tumblr; Macys, Amazon, Walmart; iTunes, Skype, Bestbuy; Spotify, Hulu+, Netflix; Origin, Steam, Crossfire
• Financial – bank accounts; email acct. ransom; change of billing; cyberheist lure
• Spam – commercial email; phishing, malware; stranded abroad scam; Facebook, Twitter spam; email signature spam
• Harvesting – email, chat contacts; file hosting accounts; Google Docs, MS Drive; Dropbox, Box.com; software license keys; forwarded work docs; forwarded work email
• Employment – Fedex, UPS, Pitney Bowes acct; Salesforce, ADP accounts
Value of an Organization’s Assets/Data (KrebsOnSecurity.com; diagram with “Hacked Company” at the center)
• Intellectual Property – trade secrets; R&D data; customer lists; strategic plans
• Physical – desktops/servers; backups/disaster recovery; telecom equipment/VOIP; offices/industrial buildings
• Partners – email access (BEC/phishing); partner bank info
• Paths to Compromise – network credentials; physical; partners
• HR Data – insurance numbers; employee W2/tax info; salary data; disability information
• Financials – credit card data; employee bank info; corporate bank info; quarterly earnings
• Virtual – cloud services; 3rd party content; software licenses; web sites
The DarkWeb and Other Scary Stories
• A new malicious web site pops up every 3 seconds
• DeepWeb – content that isn’t indexed
• DarkWeb – the back alley of the internet
And Cyber Crime Too?
• Botnets, workstations and IoT
• Criminal infrastructure – crime as a service, help desk, DDoS
Cloud, Big Data, & Third Party Services
• Cloud – SaaS, IaaS, PaaS, etc.
• AWS and other hosts
• Products like Salesforce, Workday, LogMeIn, Dropbox
• Big Data – are you increasing your data collection?
• Increased data = increased security requirements
• Having multiple cloud products increases complexity and creates a larger attack surface
• Do you use other third party services?
• Do you provide services to other companies?
• Do you use new and emerging technologies?
Current State Cybersecurity Threats
Real Risks From the Internet of Things
IoT hacks that hit the headlines:
• 2011: Hacker takes wireless control of insulin pumps.
• 2014: Hackers commandeer hundreds of webcams and baby monitors.
• 2015: Researchers remotely take over and crash Cherokee jeep.
• 2015: Plane flight controls hacked via in-flight entertainment system.
• 2016: Smart thermostats hacked to host ransomware.
• 2016: Major internet outage – DYN attack from IoT botnet.
• 2017: Swiss hotel key card/door locks compromised.
• 2017: St. Jude recalls 465,000 “hackable” pacemakers.
Any organization with financial, identity, or health information or services is a target for IoT, IP, PHI, and other high value assets
Insider Threats
• A problem for all organizations
• Departing employees – disgruntled staff – too much to do
• San Francisco IT admin changed all the passwords
• Not always malicious intent – architecture & management issues
• BYOD/mobile, consumer class cloud services
• Free apps & downloads (legitimate source? reviewed?)
• A compromised admin or system is now an insider threat
• Accenture survey – 69% of CISOs report attempted/successful data theft by insiders
• IBM X-Force reports 68% of 2016 attacks in healthcare were attributed to insiders
Insider Threats
• Employee errors/accidents
– Responding to phishing request
– Mistyping an email address
– Losing a USB drive – finding a USB drive
– Unwise “collaboration”
• Negligence
– Circumventing controls that “impede” their job
– Systems management shortcuts
– Using consumer grade technology or shadow IT
• Intentional malicious acts
– Disgruntled employee actions
– Selling your data for their profit
More Security Problems to Consider
• Your employees are also consumers
– Targets both for their personal assets and work access/assets
– Overshare, potentially under-trained, re-use passwords, ? cyber behaviors
– A new malicious web site sprouts every 3 seconds – shop at work, etc.
– Work email, personal email(s), social media accounts – all have value
• What about devices you don’t think about, like printers?
– 56% of organizations don’t include printers in security policy and program
– On network, accessible via Wi-Fi and open ports, located in open areas
– Many contain storage drives (all multi-function and many network printers)
– What about secure disposal?
• Do you provide Wi-Fi for employees? Visitors?
– Can be trivial to penetrate even a reasonably well configured Wi-Fi network
– Mobile devices are rife with potential vulnerabilities and malware
Third Party Risks / Cyber Supply Chain
• 63% of all data breaches linked directly or indirectly to third party access (Soha Systems survey)
• Increased reliance on service providers (& cloud)
– Cost savings
– Skills gaps
– Competitive advantage
• Other supply chain risks include product sourcing
– Android phones from 36 brand name manufacturers found with malware preinstalled
– Low-cost phones on eBay and Amazon infected
– Many previous examples of other devices as well
Questions For Your Service Provider
• Who is responsible for security at the vendor?
• What do you do to secure the environment where my data/applications/systems are?
• Do you have a security audit and/or penetration test from a third party?
• How do you fix identified issues?
• How do you conduct ongoing monitoring activities?
• What security activities are you responsible for and what am I responsible for?
Questions For Your Service Provider
Contracts:
• Breach notification requirement
• Right to audit
• Independent assessment requirement
• Required security expectations
• What will they pay for after an incident
• Establish non-disclosure agreement
• Data ownership and right to restrict movement
Cyber Security Landscape – Threat Reports
[Report cover images: FireEye; McAfee Labs 2015 Predictions]
FireEye/Mandiant – 2017 M-Trends Report
Key Trends 2016 – Increased sophistication
• Nation states and financial actors – tactics, techniques and procedures (TTPs) indistinguishable
• Increased direct targeting – spear phishing & phone social engineering
• Lack of segregation – flat networks
• Privilege escalation
• Persistence through encryption and legitimate sites hosting back doors and C2C services
• Shamoon malware targets oil and energy companies
McAfee – Threat Predictions for 2017
Key Predictions
• Hardware and firmware threats an increasing target for sophisticated attackers
• “Dronejacking” places threats in the sky
• Mobile threats to include ransomware, RATs, compromised app markets
• IoT malware opens a backdoor into the home
• Gartner estimates that by 2020 more than 25% of attacks in enterprises will involve IoT devices.
• Machine learning accelerates social engineering attacks
• Escalation of ad wars boosts malware delivery
• Hacktivists expose privacy issues
• Threat intelligence sharing makes great strides
• Cyber espionage: industry and law enforcement join forces
• Physical and cyber security industries join forces
Symantec – Internet Security Threat Report 2017
• From a database of 88,900 recorded vulnerabilities (spanning more than two decades) from 24,560 vendors representing over 78,900 products
• While advanced attacks and zero-day vulnerabilities are a major threat, cyber criminals continue to use spear phishing and common tools to blend in with normal traffic.
• Identified a trend in cyber espionage being used to cause chaos, disruption, disinformation; and influence the outcomes in the election processes, decision making and major government decisions in the future. Also found as the political use of cyber-attacks grows, nation states are preparing to be on the offensive when targeted.
• Financial theft getting bigger and bolder, moving away from the traditional small time credit card theft to the inner workings of the financial industry.
• Attackers changing their tactics to make more use of expected features and tools and activities.
• Increased use of criminal outsourcing services, and IoT as both a target and an attack tool
• Email and spam making a comeback as primary delivery mechanism for key attack activities.
Verizon – 2017 Data Breach Investigations Report
The DBIR is comprised of real-world data breaches and security incidents – either investigated by Verizon or provided by a data contributor (65 sources)
• Tenth year of this groundbreaking report
• Established 9 incident classification patterns
• This year adds industry vertical specific information
• Leverages VERIS – Vocabulary for Event Recording and Incident Sharing, a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.
• Provides opportunity to analyze trends and issues in aggregate.
Verizon 2017 Data Breach Investigations Report – chart slides: Type of Actor; Type of Action; Motivation / Discovery; Volume by Vertical; Comparing Attacks between Industries (Financial Services, Manufacturing, Retail); Aggregate Attack Information; Crimeware and Espionage Analysis
Other Report Observations – Pace increases
• New zero day risks – partially fueled by hacking dumps (Vault 7, Shadow Brokers, etc.)
• Re-emergence of working worms
• Tech growth increases attack surface – IoT, autonomous vehicles, cloud/third party risk
• Outsourced criminal services and Bitcoin fuel expansion of international cyber crime
• Hacking by nation states
– Political influence
– Funding national objectives
– Cyber-physical targeting of political adversaries
• Ransomware as a diversion?
Ponemon 2017 Cost of Data Breach Study
• Cost per record breached includes cost of forensic experts, credit monitoring, customer hotline, future product discounts, in-house investigations, communications/notifications, and cost of lost customers (churn)
• Industry and country play a big role in costs
• Company activities before and during a breach also impact costs – Equifax:
• Ponemon estimates that 28% of participants contributing breach info will experience another breach in 2 years
Ponemon 2017 Cost of Data Breach Study – chart slides
Ponemon 2016 Cost of Cyber Crime Study – chart slides: Avg. Cost of Cyber Crime – Per Organization; Cost of Cyber Crime – Aggregated
Ponemon 2016 Cost of Cyber Crime Study
Nine characteristics of innovative and cyber secure organizations.
1. Security posture. Overall, these organizations, prior to engaging in new business opportunities and changes in operations, assess potential security risks in order to improve their security posture. This includes the persistent use of security technologies such as advanced access management systems, extensive deployment of encryption technologies and enterprise deployment of GRC tools.
2. Information management. Information loss is now the biggest financial impact of a cyber attack. Consequently, organizations with advanced backup and recovery were able to reduce the impact and ensure business continuity and data protection.
Ponemon 2016 Cost of Cyber Crime Study
3. Information governance. These companies deploy advanced procedures for backup and recovery operations, share threat intelligence, collaborate with industry partners on security issues and integrate security operations with enterprise risk management activities.
4. Data protection. These organizations make investing in technologies and processes that reduce information loss a priority because they understand it is the most costly cyber attack to remediate. They are also shifting budget to the application and data layers rather than the network layers, to fortify the areas most vulnerable to information loss.
5. Application security. Prior to the launch of customer-facing applications, these organizations do not rush to release. They ensure the necessary security is built into the applications and vulnerabilities are addressed. These companies use several application security controls such as penetration testing, security patch management and dynamic and static scanning.
Ponemon 2016 Cost of Cyber Crime Study
6. Detection and recovery. To reduce the time to determine the root cause of the attack and control the costs associated with a lengthy time to detect and contain the attack, these organizations are increasing their investment in technologies to help facilitate the detection process.
7. Third-party risk. These organizations are able to reduce the risk of taking on a significant new supplier or partner by conducting thorough audits and assessments of the third party’s data protection practices.
Ponemon 2017 State of SMB Cyber Security Study
• 598 SMBs surveyed
• Less than 100 to 1,000 employees
• 61% reported a cyber attack, and 54% reported a breach of customer or employee information in the last 12 months
Ponemon 2017 State of SMB Cyber Security Study – Findings
• Cyber attacks affected more SMBs in the past 12 months, an increase from 55% to 61% of respondents. The most prevalent attacks against smaller businesses are phishing/social engineering and web-based (48% and 43% of respondents, respectively). More respondents in this year’s study say cyber attacks are more targeted, severe and sophisticated.
• The rise of ransomware is affecting SMBs. Last year, only two percent of respondents described the cyber attacks they experienced as ransomware. This year, 52% of respondents say their companies experienced a ransomware attack and 53% of these respondents say they had more than two ransomware incidents in the past 12 months. 79% of respondents say the ransomware was unleashed through a phishing/social engineering attack.
Ponemon 2017 State of SMB Cyber Security Study – Findings
• SMBs are having slightly more data breaches involving personal information, and the size of data breaches is larger. In the past 12 months, 54% of respondents report they had a breach involving sensitive information about customers, target customers or employees, an increase from 50% in last year’s study. The average size of the breach involved 9,350 individual records, an increase from an average of 5,079 records.
• Of the respondents who say their organization had a data breach, 54% say negligent employees were the root cause of the data breach, an increase from 48% of respondents in last year’s study. However, similar to last year, almost one-third of companies in this research could not determine the root cause.
• Cyber attacks are more costly. The average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. The average cost due to disruption to normal operations increased from $955,429 to $1,207,965.
Ponemon 2017 State of SMB Cyber Security Study – Findings
• While only 23% of respondents report their organization had a data breach or security incident due to the use of the Internet of Things (IoT), 67% of respondents are concerned about the security of IoT devices in the workplace. Moreover, only 29% of respondents say they have confidence in their ability to contain or minimize the risk of insecure IoT. In fact, 56% of respondents say IoT and mobile devices are the most vulnerable endpoint to their organization’s networks and enterprise systems.
• Personnel, budget and technologies continue to be insufficient to have a strong security posture. As a result, some companies engage managed security service providers to support an average of 36% of their IT security operations. The services most often used are monitored or managed firewalls or intrusion prevention systems and intrusion detection systems, and security gateways for messaging or Web traffic.
Small Business Scams
• Directory scams
• Tech support scams
• 419/advance fee
• IRS
• Check/invoice/billing scam
• Overpayment
• Ransomware
2016 Global Occupational Fraud & Abuse Study
• The typical organization loses an estimated 5% of annual revenues as a result of fraud
• The median loss suffered by small organizations (those with fewer than 100 employees) was the same as that incurred by the largest organizations (those with more than 10,000 employees)
• Corruption was more prevalent in larger organizations, while check tampering, skimming, payroll, and cash larceny schemes were twice as common in small orgs.
• The longer a fraud lasted, the greater the financial damage. While the median duration was 18 months, losses rose as duration increased. At the extreme end, schemes that lasted more than five years caused a median loss of $850,000 vs. the overall $150,000 loss.
• The presence of anti-fraud controls was correlated with both lower fraud losses and quicker detection. Comparing organizations that had specific anti-fraud controls in place against organizations lacking those controls identified that where controls were present, fraud losses were 14.3%–54% lower and frauds were detected 33.3%–50% more quickly.
Association of Certified Fraud Examiners http://www.acfe.com/rttn2016/about/executive-summary.aspx
Data collected from a survey of 41,788 CFEs reporting 2,410 fraud cases investigated the previous year.
Fraud Prevention Tips
• External Actors
  – Train staff to be wary of social engineering and make sure they understand the impact of a significant fraud event
  – Establish controls over payment systems
    • Implement two-factor authentication for online banking
    • Require second validation for wire transfers & other payments
    • Consider using a controlled PC for online banking activity
    • Use check security features/tools
    • Monitor checks and ACH using tools like positive pay
    • Take advantage of your bank's fraud tools or services
  – Implement a strong cybersecurity program
  – Implement controls for third party service providers
  – Reconcile accounts regularly and use bank tools and alerts to keep tabs
Fraud Prevention Tips
• Insiders
  – Follow good hiring practices: pre-hire due diligence and background checks
  – Establish policies and code of conduct, train employees and hold them accountable
  – Implement controls over payment systems
    • Segregation of duties
    • Split approvals (one user creates payment, second user approves)
    • Cross train and rotate high risk jobs
    • Controls protect both the company and the employee
What Drives Security Efforts?
• Doing the "Right Thing"
• Protecting Organization Viability
• Civil Liability
• Director Liability
• National Security
• Federal Laws
• International Laws
• Regulators
Standards, Frameworks, and Best Practices?
• Different than regulations like HIPAA or GLBA
• A roadmap to improved security posture
Examples:
• Payment Card Industry Data Security Standards (PCI DSS)
• CIS Top 20 Controls
• NIST Cybersecurity Framework
• NIST Small Business Cybersecurity Guidance
CIS/SANS/NIST Top 20
1) Inventory of Authorized and Unauthorized Devices
2) Inventory of Authorized and Unauthorized Software
3) Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
4) Continuous Vulnerability Assessment and Remediation
5) Malware Defense
6) Application Software Security
7) Wireless Device Control
8) Data Recovery Capability
9) Security Skills Assessment and Appropriate Training to Fill Gaps
10) Secure Configuration of Devices such as Firewalls, Routers, and Switches
11) Limitation and Control of Network Ports, Protocols and Services
12) Controlled Use of Administrative Privileges
13) Boundary Defense
14) Maintenance, Monitoring and Analysis of Audit Logs
15) Controlled Access Based on Need to Know
16) Account Monitoring and Control
17) Data Loss Prevention
18) Incident Response Capability
19) Secure Network Engineering
20) Penetration Tests and Red Team Exercises

Standards, Frameworks, and Best Practices?
Center for Internet Security – Critical Controls
Effective implementation of the top 5 controls will prevent over 85% of intrusions (Australian Signals Directorate study)
NIST Cybersecurity Framework (excerpt of the Framework Core)
Columns: Function and Unique Identifier | Category and Unique Identifier | Subcategory | Informative References

IDENTIFY (ID)
  Asset Management (AM): Identify and manage the personnel, devices, systems, and facilities that enable the organization to achieve business purposes, including their relative importance to business objectives, in support of effective risk decisions.
    ID.AM-1: Physical devices and systems within the organization are inventoried
      Informative References: ISA 99.02.01 4.2.3.4; COBIT BAI03.04, BAI09.01, BAI09, BAI09.05; ISO/IEC 27001 A.7.1.1, A.7.1.2; NIST SP 800-53 Rev. 4 CM-8; CCS CSC 1
    ID.AM-2: Software platforms and applications within the organization are inventoried
      Informative References: ISA 99.02.01 4.2.3.4; COBIT BAI03.04, BAI09.01, BAI09, BAI09.05; ISO/IEC 27001 A.7.1.1, A.7.1.2; NIST SP 800-53 Rev. 4 CM-8; CCS CSC 2
    …

PROTECT (PR)
  Awareness and Training (AT): Ensure that organizational personnel and partners are adequately trained to carry out their assigned information security-related duties and responsibilities through awareness and training activities.
    PR.AT-1: General users are informed and trained
      Informative References: ISA 99.02.01 4.3.2.4.2; COBIT APO07.03, BAI05.07; ISO/IEC 27001 A.8.2.2; NIST SP 800-53 Rev. 4 AT-2; CCS CSC 9
    …

DETECT (DE)
  Detection Processes (DP): Ensure timely and adequate awareness of anomalous events through tested and implemented detection processes and procedures.
    DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability
      Informative References: ISA 99.02.01 4.4.3.1; COBIT DSS05.01; NIST SP 800-53 Rev 4 IR-2, IR-4, IR-8; CCS CSC 5
    …

RESPOND (RS)
  Mitigation (MI): Conduct activities to prevent expansion of an event, mitigate its effects, and eradicate the incident.
    RS.MI-1: Incidents are contained
      Informative References: ISO/IEC 27001 A.3.6, A.13.2.3; ISA 99.02.01 4.3.4.5.6; NIST SP 800-53 Rev. 4 IR-4
    …

RECOVER (RC)
  Recovery Planning (RP): Execute Recovery Plan activities to achieve restoration of services or functions
    RC.RP-1: Recovery plan is executed
      Informative References: COBIT DSS02.05, DSS03.04; ISO/IEC 27001 A.14.1.3, A.14.1.4, A.14.1.5
Standards, Frameworks, and Best Practices?
NIST Cybersecurity Framework – Implementation Decision
Standards, Frameworks, and Best Practices?
[Chart: Cybersecurity Framework Usage. As of 2015, 30% of U.S. organizations use the NIST Cybersecurity Framework, and use is predicted to rise to 50% by 2020 (projected) according to Gartner research. Vertical axis: percentage of organizations, 0 to 50; horizontal axis: years 2012, 2015, 2020. Source: NIST, National Institute of Standards and Technology, U.S. Department of Commerce.]
NIST – Small Business Information Security: The Fundamentals
• Understand your risk
• Safeguard your information
NIST – Small Business Information Security: The Fundamentals
[Risk diagram: RISK arises from Threats, Vulnerabilities, Likelihood and Impact]
• Threats: environmental, business resources, hackers / criminals
• Vulnerabilities: weaknesses in security protections
• Likelihood: the chance of a threat affecting the business; occurrence based on history / industry statistics; for adversarial threats, capability and intent
• Impact: potential harm to the business, such as the theft or disclosure of sensitive business information, business information or systems being modified, or the loss of information or system availability
NIST – Small Business Information Security: The Fundamentals
Table 1: Identify and Prioritize Information Types
Example: Customer Contact Information (the table has one column per information type: Info type 1, Info type 2, Info type 3, ...)
• Cost of revelation (Confidentiality): Med
• Cost to verify information (Integrity): High
• Cost of lost access (Availability): High
• Cost of lost work: High
• Fines, penalties, customer notification: Med
• Other legal costs: Low
• Reputation / public relations costs: High
• Cost to identify and repair problem: High
• Overall Score: High
NIST – Small Business Information Security: The Fundamentals
Table 2: Inventory
Columns: Description (e.g. nickname, make, model, serial number, service ID, other identifying information) | Location | Type of information the product comes in contact with | Overall Potential Impact
1. Dr. J. Smith's cell phone; Type – Sonic; Version – 9.0; T&S Network ID – "Police Box" | Mobile | Email; Calendar; Customer Contact Information; Photos; Social Media; Locations; Medical Dictionary Application | High
2. (blank)
3. (blank)
4. (blank)
5. (blank)
NIST – Small Business Information Security: The Fundamentals
Table 3: Identify Threats, Vulnerabilities, and the Likelihood of an Incident
Example: Customer Contact Information on Dr. J. Smith's cell phone (the table has one column per Info type / Technology pair, ...)
Confidentiality
• Theft by criminal (encrypted; password-protected): Med
• Accidental disclosure (has previously lost phone twice): Med
Integrity
• Accidental alteration by user / employee: Med
• Intentional alteration by external criminal / hacker: Low
Availability
• Accidental destruction (fire, water, user error) (regular backups): Med
• Intentional destruction: Low
Overall Likelihood: Med
NIST – Small Business Information Security: The Fundamentals
Table 4: Prioritize Resolution Action (Impact, Low to High, on the vertical axis; Likelihood, Low to High, on the horizontal axis)
• High impact, high likelihood: Priority 1 – Implement immediate resolution. Focus on Detect and Protect solutions.
• High impact, low likelihood: Priority 3 – Schedule a resolution. Focus on Respond and Recover solutions.
• Low impact, high likelihood: Priority 2 – Schedule a resolution. Focus on Detect and Protect solutions.
• Low impact, low likelihood: No action needed.
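Tables 1, 3 and 4 together form a small risk-prioritization method; the following Python is an added example (not code from the slides or from NIST) that carries it through for the Dr. J. Smith row. Two rules the slides leave unstated are assumed and marked as such: the overall score is the worst individual rating, and a Med rating is treated as High on the Table 4 axes.

```python
# Added example: the Table 1 / Table 3 / Table 4 method carried through in code.
# Not from the slides or NIST; assumptions are marked in comments.
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

RATING_ORDER = {"Low": 0, "Med": 1, "High": 2}   # ratings used on the slides

def overall(ratings: Sequence[str]) -> str:
    """Overall score = worst individual rating.
    Assumption: the slides show Overall High for mixed High/Med/Low rows and
    Overall Med for Med/Low rows; taking the maximum fits, but the rule is not stated."""
    return max(ratings, key=RATING_ORDER.__getitem__)   # KeyError on an unknown rating

@dataclass
class InformationType:
    """Table 1: one information type and the cost of losing it, per cost category."""
    name: str
    costs: Dict[str, str]   # e.g. "Cost of revelation (Confidentiality)" -> "Med"

    def impact(self) -> str:
        return overall(list(self.costs.values()))

@dataclass
class Threat:
    """One Table 3 row: a threat to one security objective and its likelihood."""
    objective: str          # Confidentiality / Integrity / Availability
    description: str
    likelihood: str
    safeguards: Tuple[str, ...] = ()   # existing protections noted on the row

@dataclass
class Assessment:
    """Table 3 for one information type on one technology (a Table 2 row)."""
    info: InformationType
    technology: str
    threats: Tuple[Threat, ...]

    def likelihood(self) -> str:
        return overall([t.likelihood for t in self.threats])

def prioritize(impact: str, likelihood: str) -> Tuple[Optional[int], str]:
    """Table 4: (impact, likelihood) -> (priority, resolution focus).
    Assumption: Table 4 has only High/Low axes, so Med is treated as High here
    (a conservative reading; the slides do not say)."""
    high_impact = RATING_ORDER[impact] >= RATING_ORDER["Med"]
    high_likelihood = RATING_ORDER[likelihood] >= RATING_ORDER["Med"]
    if high_impact and high_likelihood:
        return 1, "Implement immediate resolution. Focus on Detect and Protect solutions."
    if high_likelihood:
        return 2, "Schedule a resolution. Focus on Detect and Protect solutions."
    if high_impact:
        return 3, "Schedule a resolution. Focus on Respond and Recover solutions."
    return None, "No action needed."

def action_plan(assessments: Sequence[Assessment]) -> List[dict]:
    """Score every assessment and order the plan: priority 1 first, no-action last."""
    rows = []
    for a in assessments:
        impact, likelihood = a.info.impact(), a.likelihood()
        priority, focus = prioritize(impact, likelihood)
        rows.append({"info": a.info.name, "technology": a.technology, "impact": impact,
                     "likelihood": likelihood, "priority": priority, "focus": focus})
    return sorted(rows, key=lambda r: (r["priority"] is None, r["priority"] or 0))

# Constructed sample input: the slides' Dr. J. Smith example plus one made-up low-risk item.
CUSTOMER_CONTACT = InformationType("Customer Contact Information", {
    "Cost of revelation (Confidentiality)": "Med",
    "Cost to verify information (Integrity)": "High",
    "Cost of lost access (Availability)": "High",
    "Cost of lost work": "High",
    "Fines, penalties, customer notification": "Med",
    "Other legal costs": "Low",
    "Reputation / public relations costs": "High",
    "Cost to identify and repair problem": "High",
})
SMITH_PHONE = Assessment(CUSTOMER_CONTACT, "Dr. J. Smith's cell phone", (
    Threat("Confidentiality", "Theft by criminal", "Med", ("encrypted", "password-protected")),
    Threat("Confidentiality", "Accidental disclosure (has previously lost phone twice)", "Med"),
    Threat("Integrity", "Accidental alteration by user / employee", "Med"),
    Threat("Integrity", "Intentional alteration by external criminal / hacker", "Low"),
    Threat("Availability", "Accidental destruction (fire, water, user error)", "Med", ("regular backups",)),
    Threat("Availability", "Intentional destruction", "Low"),
))
BROCHURES = InformationType("Public marketing brochures (constructed)",
                            {"Cost of revelation (Confidentiality)": "Low", "Cost of lost access (Availability)": "Low"})
WEB_COPY = Assessment(BROCHURES, "Web server (constructed)",
                      (Threat("Availability", "Hosting outage", "Low", ("offsite copies",)),))

if __name__ == "__main__":
    for row in action_plan([WEB_COPY, SMITH_PHONE]):
        print(f"Priority {row['priority']}: {row['info']} on {row['technology']} (impact {row['impact']}, likelihood {row['likelihood']}) -> {row['focus']}")
```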
Assessing your cybersecurity capabilities
• Identify cybersecurity-related activities that are critical to business strategy and the delivery of critical services;
• Prioritize investments in managing cybersecurity risk;
• Assess the effectiveness and efficiency in using cybersecurity standards, guidelines and practices;
• Evaluate their cybersecurity results; and
• Identify priorities for improvement.
Assessing your cybersecurity capabilities
• Who is accountable for your security program?
• Who takes action on security requirements?
krebsonsecurity.com
ISACA.ORG
Maturity Model: PO10 Manage Projects
Management of the process of Manage projects that satisfies the business requirement for IT of ensuring the delivery of project results within agreed-upon time frames, budget and quality is:
0 Non-existent when: Project management techniques are not used and the organisation does not consider business impacts associated with project mismanagement and development project failures.
1 Initial/Ad Hoc when: The use of project management techniques and approaches within IT is a decision left to individual IT managers. There is a lack of management commitment to project ownership and project management. Critical decisions on project management are made without user management or customer input. There is little or no customer and user involvement in defining IT projects. There is no clear organisation within IT for the management of projects. Roles and responsibilities for the management of projects are not defined. Projects, schedules and milestones are poorly defined, if at all. Project staff time and expenses are not tracked and compared to budgets.
2 Repeatable but Intuitive when: Senior management gains and communicates an awareness of the need for IT project management. The organisation is in the process of developing and utilising some techniques and methods from project to project. IT projects have informally defined business and technical objectives. There is limited stakeholder involvement in IT project management. Initial guidelines are developed for many aspects of project management. Application of project management guidelines is left to the discretion of the individual project manager.
3 Defined when: The IT project management process and methodology are established and communicated. IT projects are defined with appropriate business and technical objectives. Senior IT and business management are beginning to be committed and involved in the management of IT projects. A project management office is established within IT, with initial roles and responsibilities defined. IT projects are monitored, with defined and updated milestones, schedules, budget and performance measurements. Project management training is available and is primarily a result of individual staff initiatives. QA procedures and post-system implementation activities are defined but are not broadly applied by IT managers. Projects are beginning to be managed as portfolios.
4 Managed and Measurable when: Management requires formal and standardised project metrics and lessons learned to be reviewed following project completion. Project management is measured and evaluated throughout the organisation and not just within IT. Enhancements to the project management process are formalised and communicated with project team members trained on enhancements. IT management implements a project organisation structure with documented roles, responsibilities and staff performance criteria. Criteria for evaluating success at each milestone are established. Value and risk are measured and managed prior to, during and after the completion of projects. Projects increasingly address organisation goals, rather than only IT-specific ones. There is strong and active project support from senior management sponsors as well as stakeholders. Relevant project management training is planned for staff in the project management office and across the IT function.
5 Optimised when: A proven, full life-cycle project and programme methodology is implemented, enforced and integrated into the culture of the entire organisation. An ongoing initiative to identify and institutionalise best project management practices is implemented. An IT strategy for sourcing development and operational projects is defined and implemented. An integrated project management office is responsible for projects and programmes from inception to post-implementation. Organisation-wide planning of programmes and projects ensures that user and IT resources are best utilised to support strategic initiatives.
Assessing your cybersecurity capabilities
[Diagram: IT process map; items 13 and 15 are not legible on the slide]
1. IT Strategy Formulation
2. Enterprise Architecture Management
3. IT Initiatives Formulation
4. IT Programs & Projects Programming
5. IT Programs & Projects Portfolio Management
6. IT Programs & Projects Implementing
7. Information Security Management
8. IT Service Continuity Management
9. IT Service Asset & Configuration Management
10. IT Capacity Management
11. IT Availability Management
12. IT Change Management
14. IT Problem Management
16. IT Incident Management
NIST Draft Cybersecurity Self-Assessment Tool
Assessment Rubric Process (Categories 1-6)
Maturity levels (rows) against evaluation factors (columns): Approach, Deployment, Learning, Integration

Reactive
• Approach: CYBERSECURITY-related policies/operations are characterized by activities rather than by PROCESSES.
• Deployment: DEPLOYMENT of CYBERSECURITY-related APPROACHES to appropriate organizational units, and to CUSTOMERS, PARTNERS, and suppliers, as appropriate, is lacking.
• Learning: Improvement in CYBERSECURITY-related policies/operations is achieved mainly in reaction to immediate needs or problems.
• Integration: CYBERSECURITY-related goals are poorly defined; individual units within the CYBERSECURITY operations function independently of each other. There is no coordination between CYBERSECURITY-related policies/operations and those of the rest of the organization.

Early
• Approach: CYBERSECURITY-related policies/operations are beginning to be carried out with SYSTEMATIC APPROACHES.
• Deployment: KEY CYBERSECURITY-related APPROACHES are beginning to be DEPLOYED to appropriate organizational units and to CUSTOMERS, PARTNERS, and suppliers, as appropriate.
• Learning: CYBERSECURITY-related policies/operations are beginning to be SYSTEMATICALLY evaluated and improved.
• Integration: CYBERSECURITY-related strategy and quantitative GOALS are being defined. There is some early alignment among CYBERSECURITY operational units and, as appropriate, between CYBERSECURITY policies/operations and the rest of the organization.

Mature
• Approach: Most elements of CYBERSECURITY-related policies/operations are characterized by SYSTEMATIC APPROACHES.
• Deployment: KEY CYBERSECURITY-related APPROACHES are well DEPLOYED to appropriate organizational units and to CUSTOMERS, PARTNERS, and suppliers, as appropriate.
• Learning: CYBERSECURITY-related policies/operations are SYSTEMATICALLY evaluated for improvement, and learnings are shared, with some INNOVATION evident.
• Integration: CYBERSECURITY-related APPROACHES address KEY strategies and GOALS. There is alignment among CYBERSECURITY operational units and, as appropriate, between CYBERSECURITY policies/operations and the rest of the organization.

Role Model
• Approach: Many to all elements of CYBERSECURITY-related policies/operations are characterized by SYSTEMATIC APPROACHES.
• Deployment: KEY CYBERSECURITY-related APPROACHES are fully DEPLOYED to appropriate organizational units and to CUSTOMERS, PARTNERS, and suppliers, as appropriate.
• Learning: CYBERSECURITY-related policies/operations seek and achieve efficiencies through ANALYSIS, INNOVATION, and the sharing of CYBERSECURITY information and knowledge, including with the rest of the organization.
• Integration: CYBERSECURITY-related policies/operations are INTEGRATED with current and future organizational needs defined by the organization; these policies/operations are well INTEGRATED with those of the rest of the organization.
SBA Top Ten Cybersecurity Tips
1. Protect against viruses, spyware, and other malicious code: Make sure each of your business's computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
2. Secure your networks: Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
3. Establish security practices and policies to protect sensitive information: Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business's cybersecurity policies.
4. Educate employees about cyber threats and hold them accountable: Educate your employees about online threats and how to protect your business's data, including safe use of social networking sites. Depending on the nature of your business, employees might be introducing competitors to sensitive details about your firm's internal business. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business's Internet security policies and procedures.
5. Require employees to use strong passwords and to change them often: Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
6. Employ best practices on payment cards: Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.
7. Make backup copies of important business data and information: Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.
8. Control physical access to computers and network components: Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
9. Create a mobile device action plan: Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
10. Protect all pages on your public-facing websites, not just the checkout and sign-up pages
Leverage your relationships
• Service Providers and Partners
• Information Sharing
  – Other similar entities
  – Organizations like Infragard or ISSA
  – Formal sharing organizations
  – Your network of security minded peers
  – Lists and bulletins from reputable sources
• Take advantage of training opportunities and make time to share learnings – it's an investment
• Insurance company – Cyber Insurance
• Consultants and Auditors
Balancing Resources for Security
• Security can't trump service delivery
• How mature is your process
  – Considerations for resource availability
  – Projects designed to do it right the first time rather than fix it later
  – Benchmarks and metrics to support resource needs
  – New functionality is considered with security impact PRIOR to implementation
• If you don't have the expertise, consider outsourcing
  – Managed services or consultants
  – Cloud isn't necessarily bad (anymore…)
• Build relationships with other similar organizations
  – Conduct joint training exercises
  – Share threat and incident information with your peers
SMB Cybersecurity Resources
NIST Cybersecurity for Small Businesses
• http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf
National Cyber Security Alliance – CyberSecure My Business
• https://staysafeonline.org/cybersecure-business/
• https://staysafeonline.org/event_category/cybersecure-my-business/
SBA Cybersecurity Page and Cybersecurity Online Training
• https://www.sba.gov/managing-business/cybersecurity
• https://www.sba.gov/tools/sba-learning-center/training/cybersecurity-small-businesses
FCC Cybersecurity Page and Cyber Planner tool
• https://www.fcc.gov/general/cybersecurity-small-business
• https://www.fcc.gov/cyberplanner
Stop, Think, Connect for small businesses
• http://www.stcguide.com/explore/small-business/
US-CERT Resources for Small and Midsized businesses
• https://www.us-cert.gov/ccubedvp/smb
Top Risks and Best Practices
• Plan for security from the beginning
  – Design it in, don't bolt it on
• Knowing what is important and where it is
  – Inventories and prioritized controls
• Identify the threats and risks
  – Who wants our "stuff" and how can they get it
• Is someone accountable for security?
  – Do they have the tools and resources to be effective?
• Ransomware
  – Backups, AV/Malware protection and education
• No perimeter
  – Mobile devices, cloud apps, service providers
• Service providers
  – Outsource where necessary but keep accountability
• Is everyone aware?
  – Phishing, malware, bad behaviors, etc.
• Email and Internet risks
  – Phishing, malware downloads, bad behaviors
• Architecture design and systems administration
  – Plan for security and pay attention to the important stuff
• Find a trusted partner/expert to help
  – Focus on your core competencies, but get the help you need
Security Best Practices
• You can't do everything at once, and it's not feasible to go from a low maturity level to high overnight
• Basic blocking and tackling
• Policies and Standards – specific to your needs and organizational structure
• Cyber isn't special, manage it like any other risk that you face in your organization
• Emphasize abilities to find and remediate – plan for breach and limit damage

Security Best Practices
What are the biggest risks to your organization?
• Phishing / Spear Phishing
• Password Reuse
• Social engineering
• Ransomware
• Patch and vulnerability management
• Ineffective resource prioritization process
• Security skills shortage
WHO IS TLI - OUR STORY
• Established in 1987 with an endowment from Honeywell Foundation
• Three M.S. degree programs; MDI, MOT & MSST
• Short courses & seminars
• 1300 degree program graduates
• Five endowed chairs
• 60+ faculty
OUR MISSION
TLI’s mission is to develop local and global leaders for technology-intensive enterprises, and to empower executives and leaders in their strategic vision to leverage technology to drive business development.
TLI develops business leaders for technology-intensive organizations; CSE develops strong engineers and scientists (Technical Talent)
• MS in Management of Technology
• MS in Medical Device Innovation
• MS in Security Technologies
MSST BY DESIGN: BECOME A THREAT EXPERT
• Understand risk
• Identify risk
• Mitigate risk
• Integrate tools
• Apply tools