Transcript of Maintaining Security and Regulatory Compliance During A Pandemic
Regine Bonneau, CEO & Founder
Rick Duman, Vice President
Maintaining Security and Regulatory Compliance During A Pandemic
Cybersecurity Updates and Recommendations: COVID Related Phishing, COVID Ransomware, Remote Workforce Threats
Compliance Updates and Recommendations: COVID Related Compliance Updates, HIPAA, PCI
Closing / Q&A
• Expertise: Company founded in 2001 with experienced team
• Development: Cybersecurity Focused Research and Development
• Proprietary Technology: Patented & Patent Pending Technology, Preventing Breaches inline and in Real-time
• Security Experts: US Based SOC, Highly Trained Engineers, US Citizens
PEOPLE PROCESS TECHNOLOGY
CYBERSECURITY
Why is this Important?
https://www.helpnetsecurity.com/2020/04/10/covid-19-fears/
Example – UK Themed SMS Phishing
Source: https://www.us-cert.gov/ncas/alerts/TA18-201A
Authority - Is the sender claiming to be from someone official?
Urgency - Are you told you have a limited time to respond?
Emotion - Does the message make you panic, fearful, hopeful, or curious?
Scarcity - Is the message offering something in short supply?
Source: cvedetails.com
Why is Vulnerability Management Important?
RDP Use has risen on account of COVID
• Known vulnerabilities (2019)
• Easily Detectable via scan
• Susceptible to Brute Force
• Dark Web Stolen Credentials
Steps to reduce RDP Risk
• Identify and Patch Vulnerabilities
• Block or limit RDP access from Internet
• Make it harder to Brute Force
• Monitor Dark Web for Stolen Credentials
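As an added illustration of the "Susceptible to Brute Force" point and of reviewing and reacting to alerts (example code, not from the presentation), this script flags source addresses that pile up RDP logon failures inside a short window. The event lines are constructed and modelled on Windows Security event 4625 (logon failure) with logon type 10 (RemoteInteractive); the simplified "timestamp event_id logon_type user source_ip" layout is an assumption, not a real log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = "10"   # Windows logon type 10 = RemoteInteractive (RDP)
LOGON_FAILURE = "4625"  # Windows Security event 4625 = account failed to log on

# Constructed sample (not real logs): one remote host hammers several accounts
# in seconds, one user mistypes once then succeeds, one failure is a local logon.
SAMPLE_LOG = """\
2020-04-09T02:00:01 4625 10 administrator 203.0.113.7
2020-04-09T02:00:03 4625 10 admin 203.0.113.7
2020-04-09T02:00:04 4625 10 jsmith 203.0.113.7
2020-04-09T02:00:06 4625 10 backup 203.0.113.7
2020-04-09T02:00:08 4625 10 administrator 203.0.113.7
2020-04-09T02:00:09 4625 10 administrator 203.0.113.7
2020-04-09T02:15:00 4625 10 jsmith 198.51.100.20
2020-04-09T02:18:30 4624 10 jsmith 198.51.100.20
2020-04-09T03:00:00 4625 2 jsmith 10.0.0.5
"""

def parse_events(text):
    """Parse the assumed 'timestamp event_id logon_type user source_ip' lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, src = line.split()
        events.append((datetime.fromisoformat(ts), event_id, logon_type, user, src))
    return events

def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: (max failures in any window, distinct users targeted)}."""
    failures = defaultdict(list)   # src_ip -> timestamps of RDP logon failures
    users = defaultdict(set)       # src_ip -> accounts tried (spray indicator)
    for ts, event_id, logon_type, user, src in events:
        if event_id == LOGON_FAILURE and logon_type == RDP_LOGON_TYPE:
            failures[src].append(ts)
            users[src].add(user)
    flagged = {}
    for src, stamps in failures.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):   # sliding window over sorted failures
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = (best, len(users[src]))
    return flagged
```

Running `rdp_bruteforce_sources(parse_events(SAMPLE_LOG))` flags only 203.0.113.7; the single failure from 198.51.100.20 and the non-RDP failure from 10.0.0.5 are ignored, and the distinct-user count separates credential stuffing of one account from a spray across many.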
Vulnerabilities exploited in VPN products used worldwide
Citrix: CVE-2019-19781
Pulse Connect Secure: CVE-2019-11510, CVE-2019-11539
Fortinet: CVE-2018-13379, CVE-2018-13382, CVE-2018-13383
Palo Alto: CVE-2019-1579
What you need to know
• As of 4/9/20 - These vulnerabilities continue to be exploited.
• Exploit code for these vulnerabilities is publicly available online.
https://www.zdnet.com/article/coronavirus-microsoft-directly-warns-hospitals-fix-your-vulnerable-vpn-appliances/?&web_view=true
• Daily Use grew from 10M to 200M in March
• Privacy Issues identified (Facebook)
• Zoom-Bombing
• Zoom Security Bugs
• Zoom doesn’t use end-to-end encryption as advertised
• App was leaking users’ email and photos via a feature bug
• Zoom Accounts found on Dark Web
• Multiple Organizations and businesses have now banned Zoom
• Hackers selling Zoom Exploits $5K-$30K
https://www.cnet.com/news/zoom-every-security-issue-uncovered-in-the-video-chat-app/
https://www.techrepublic.com/article/covidlock-ransomware-exploits-coronavirus-with-malicious-android-app/
https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware
• Do you trust Ransomware Operators?
• “Accidental” Ransomware
• Are you in Healthcare?
Breach Timeline (time elapsed from Initial Attack)
Compromise: 50% in minutes, 18% in hours, 17% in days
Data Exfiltration: 32% in minutes, 24% in hours, 22% in days
Containment: 42% in days, 28% in weeks, 10% in months
Discovery: < 2% in minutes, 20% in days, 37% in months, 20% in years
2019 Verizon Data Breach Investigations Report
60% of breaches take months to discover.
... let a tool used for monitoring malicious web traffic expire in November 2016, and the hackers’ presence in the company’s network went undetected for 78 days.
U.S. Senate Report 03/06/19
Confirm AV and Endpoint Protection is up to date
Run vulnerability scans and update/patch systems as needed
Review AND React to security alerts ideally 24x7
Security Awareness Training WITH Phishing Simulation for employees
Monitor Dark Web for stolen credentials
Ensure backups are configured properly and verify network segmentation of backups
Enable Multi-Factor authentication (MFA) where possible
Use encrypted communications
Enable VPN for remote workers
Implement SIEM to ensure proper logging
Let’s Take Questions: Submit Your Question Via The Participant’s Panel
Government agencies who use third-party brokers to procure medical equipment and PPE are most affected by the fraud. Recent reporting from multiple sources indicates an increase in financial fraud schemes. Criminals are exploiting the high demand for PPE and ventilators, global supply chain disruptions, and worldwide manufacturing shortages of medical supplies created by the COVID-19 pandemic. In several schemes, criminals impersonated legitimate PPE and ventilator suppliers to contact third-party brokers who unwittingly facilitate the transactions with hospitals and other medical facilities.
Procurement entities have reported million-dollar losses due to the solicitation and subsequent non-delivery of purchase orders of ventilators after victims provided payment. In at least one case in late March 2020, an alleged criminal defrauded a state government agency of approximately $32 million by non-delivery of ventilators. A third-party broker, who was hired by the agency to procure ventilators from medical equipment suppliers, was scammed by criminals posing as a legitimate Chinese supplier and requested an upfront payment to two Hong Kong-based bank accounts. The criminals’ internet protocol addresses and phone numbers resolved to Nigeria.
Property of RB Advisory LLC - Copyright 2020
Regine Bonneau is the Founder and CEO of RB Advisory, LLC, which provides cyber risk management, security assessments, compliance services, forensic audits, and privacy consultations for private sector and government clients. She founded RB Advisory after years of working in the risk management and compliance industries.
Ms. Bonneau is a leading expert and practitioner in governance, risk management, compliance, and cybersecurity. Ms. Bonneau believes in order to create an effective governance, compliance and security culture there needs to be an understanding of each aspect of the phenomena in enterprise risk management and governance with insight and commitment at every level of an organization. Her career spans 20 years with a focus on people, process, and technology in the healthcare, financial, legal, government and energy sectors from small to large enterprises.
SBE: Small Business Enterprise
M/WBE: Minority Woman Business Enterprise
DBE: Disadvantaged Business Enterprise
LDBE: Local Disadvantaged Business Enterprise
Services
CYBERSECURITY
Cyber Risk Assessments, Gap Analysis, Vulnerability Management, Penetration Testing, Cybersecurity Strategy Plan, M&A Due Diligence, Virtual CISO (vCISO)
RISK MANAGEMENT
Cyber Risk Management Plans, Cyber Liability Insurance, IT Security Audits, Incident Response Plan, Third Party Risk Management, Cyber Risk for Small Business, Cloud Management, Change Management
COMPLIANCE
Governance, Risk, Compliance; Privacy Consultations: Safeguards, US Privacy Shield, & EU’s GDPR; Federal and State Regulations: Compliance/Privacy; NIST 800-171/CMMC; Education & Awareness Training; Policies & Procedures
This has forced information security teams to shore up security in the face of a majority virtual workforce and increased attacks, on top of their day-to-day responsibilities of managing risk and meeting compliance.
2020 was slated to be a benchmarking year for many industries in terms of cybersecurity compliance:
• Cybersecurity Maturity Model Certification (CMMC) version 1.0 released by the Department of Defense for defense contractors
• New regulations set to go into effect:
- The New York Department of Financial Services
- The much-anticipated California Consumer Privacy Act
Now, with security teams being pulled in many directions they are being faced with hardening security as well as meeting these standards – or are they?
COVID-19 Pandemic landscape is changing rapidly.
COVID-19 Compliance Update
COVID-19 has placed healthcare systems and hospitals under the most strain.
HIPAA Security Rule
Department of Health and Human Services has relaxed enforcement of the HIPAA Security Rule to accommodate:
- Telehealth due to usage of less secure video conferencing tools
- Emergency area (per Public Health Emergency Declaration)
- Hospitals that have implemented a disaster protocol
- Up to 72 hours
We will go back to normal upon the termination of the Presidential or Secretarial declaration.
PCI DSS
People
- Implement a security awareness program
- Ensure home networks are secured and employees are not sharing information with unauthorized individuals
Process
- Ensure that at-home/remote workers use multi-factor authentication
- Restrict physical access to media containing payment card data
Technology
- Require all personnel to use only company-approved hardware devices, e.g., mobile phones, telephone handsets, laptops, desktops, and systems.
- Ensure that all desktop/terminals, in remote/at-home working environments:
  - Have personal firewalls installed and operational.
  - Have the latest version of the corporate virus-protection software and definition files.
  - Have the latest approved security patches installed.
  - Are configured to prevent users from disabling security controls.
Areas of Cybersecurity Strength
- Education and Awareness Training
- Keep Your Anti-Virus and Anti-Malware up-to-date
- Conduct Vulnerability Scans
- Strict Enforcement of Multi-Factor Authentication for Both Employees and Patients
- Monitor
Perform Risk Assessment:
Empowering Companies to Successfully Manage Global Cybersecurity Risks, Vulnerabilities and Compliance Requirements
Regine Bonneau, CEO/Founder
Cell: [email protected]
https://rbadvisoryllc.com