© 2020 Jack Henry & Associates, Inc.®
Rick Phillips – Stickley on Security
Viviana Campanaro – CISSP, Gladiator Security & Compliance Sales Engineer
Cybersecurity Webinar Series - Ransomware is Alive and Well: Are you?
February 12, 2020
Cybersecurity Webinar Series
• Multi-part, educational series
• Proactive Cybersecurity: Staying Ahead of Threats
1. Assessing Your Biggest Security Risks Before It Is Too Late – October 29th
2. Machine Learning and the Latest Protection methods – December 12th
3. Cyber Threats and Trends for 2020 – January 14th
4. Ransomware is alive and well: are you? – February 12th
5. Gone Phishing: Tips, Tricks and Lessons Learned in the Battle of Social Engineering – March 18th
6. Unleashing the true value of GRC - April 29th
Malware Landscape
Landscape
Why Are Attacks More Effective? Available Data
16 Billion
Why Are Attacks More Effective? Revenue
Chinese/North Korean Government Hacking Group
The Anatomy of a Phishing Attack
Example.com 213.48.212.85
Blacklist Service 183.88.245.11
IP Lookup 183.88.245.11
Email Spoofing Pivots to Look-alike Domains
Stickleyonsecurity.com namewest.com/simple-typo
sticklyeonsecurity.com
stickleoynsecurity.com
stickleynosecurity.com
stickleyosnecurity.com
stickleyonescurity.com
stickleyonsceurity.com
stickleyonseucrity.com
stickleyonsecruity.com
stickleyonsecuirty.com
stickleyonsecurtiy.com
stickleyonseucrity.com
1. Identify Target
2. Purchase look-alike domain
3. Follow all proper domain registration processes including DMARC
4. Park the domain for a couple months to appear to be legitimate
5. Research Target to determine who will be impersonated
6. Purchase email list of Target employees
7. Launch
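A defensive check for the transposition pattern in the look-alike list above, as an added example that is not part of the original slides: it classifies a sender address as the organisation's own domain, a one-swap look-alike, or other. The function names, the protected-domain list and the sample addresses are assumptions made for illustration.

```python
# Added example (not from the webinar): flag sender domains that differ from a
# protected domain by one swap of neighbouring letters.

PROTECTED = ["stickleyonsecurity.com"]  # assumption: domains the organisation owns


def registrable(domain):
    """Return (name, tld) taken from the last two labels of a domain.
    Assumption: single-label TLDs only (no 'co.uk' style suffixes)."""
    labels = domain.strip().lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def is_adjacent_swap(a, b):
    """True if b equals a with exactly one pair of neighbouring characters swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def classify_sender(address, protected=PROTECTED):
    """Return 'own-domain', 'look-alike' or 'other' for an e-mail address."""
    name, tld = registrable(address.rsplit("@", 1)[-1])
    owned = [registrable(p) for p in protected]
    # Exact matches (including subdomains of an owned domain) win first.
    if (name, tld) in owned:
        return "own-domain"
    for o_name, o_tld in owned:
        if tld == o_tld and is_adjacent_swap(o_name, name):
            return "look-alike"
    return "other"


# Constructed sample senders; the first two domains appear on the slide.
SAMPLES = [
    "user@stickleyonsecurity.com",
    "user@stickleyonseucrity.com",
    "user@mail.sticklyeonsecurity.com",
    "user@example.com",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{sender:40s} {classify_sender(sender)}")
```

The check covers only adjacent-letter swaps within the same TLD; substituted, added or dropped characters need separate rules.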
How to prepare, protect and prevent
Event Action Plan: Preparedness
1. Incident Response Plan
2. Business Continuity Plan
3. Failover Plan
4. Backup Strategy
1. Ransomware, Data Breach
2. How do we keep serving
3. How are we going to recover
4. What will be the data gap
Prevention Action Plan: Layered Security
1. Infrastructure (firewall, email filter, anti-virus, cloud backup, etc.)
2. Outside Email Warning Messages
3. Domain Security (lock down look-alike and typosquatting domains)
4. Employee Education that keeps pace with the evolving threat landscape
5. Phishing Simulation
Employee Training Methods
Annual or Quarterly Phishing only: 14-24% Click Rate
Monthly Phishing: 8-14% Click Rate
Monthly Phishing with Quarterly Education: 0-5% Click Rate
Gladiator® Security Services
• Centurion Disaster Recovery
  • Disk to disk to cloud backup and recovery
• Gladiator Hosted Network Solutions
  • Virtual Desktop Infrastructure (VDI)
  • Disaster Avoidance services
• Gladiator Total Protect Suite
  • New advanced SIEM / SOAR
  • Machine Learning, Predictive & Prescriptive Analytics
  • Enhanced Threat Intel Platform, built solely for FI’s
  • IT Regulatory Compliance solutions
Thank You
Rick Phillips
Stickley on Security
[email protected]
• Employee Education
• Phishing Simulation
• Domain Security
• Automated Security Center
Viviana Campanaro, [email protected]