Would You Trust a Thief?
Webinar 6/28/2016 Noon – 1:00 p.m. ET
The Dos, Don’ts, Wishes and Regrets
Associated with Ransomware
Richard Shutts, HBS; Alex Rosati, HBS; Alan Winchester, HBS; Tad Mielnicki, AAG
www.hbsolutions.com DM#2847972.1
HB Access℠
Alex Rosati, HBS; Tad Mielnicki, AAG; Alan Winchester, HBS; Richard Shutts, HBS
HB ACCESS℠ is offered jointly by HB Solutions LLC and Access Advisory Group LLC.
About HB Solutions: HB Solutions Data Privacy and Cybersecurity has provided cybersecurity prevention and post-breach response support to organizations in highly regulated industries and can advise on establishing the right level of certification compliance and the necessary reporting to minimize the liability associated with cybersecurity incidents. HB Solutions LLC is a consulting subsidiary of the law firm Harris Beach PLLC, established to provide non-legal consulting services to organizations and individuals in the private and public sectors across numerous industries.
About AAG: Access Advisory Group is comprised of proven cybersecurity leaders and technology operators who have worked in the highest levels in the U.S. Department of Defense, Intelligence Community and Department of Homeland Security. AAG has extensive experience in data encryption and management, data collection and analytics and in-depth knowledge across the spectrum of cybersecurity tool
Ransomware Introduction
Ransomware is a type of malware designed to restrict access to the affected computer system until a ransom is paid to the malware operator. It typically encrypts the files it can reach with an algorithm that is impossible to crack.
Ransomware Introduction (continued)
Once the virus penetrates the perimeter defenses, it is free to spread throughout large portions of the environment, encrypting any and all files it encounters.
Ransomware Introduction (continued)
In exchange for payment, the malware operator HOPEFULLY gives the users the encryption key and the computer is returned to an operational status.
Ransomware Introduction (continued)
The malware operators historically have made relatively modest demands for the encryption keys; perhaps 1-2 Bitcoins per computer.
Ransomware Introduction (continued)
Many companies simply choose to pay the ransom and move on without involving law enforcement or their attorneys.
Ransomware Introduction (continued)
How an organization responds to the discovery of Ransomware will significantly impact the ability to detect the other actions which may have been taken.
Scenario One
The computer can’t read any of the files and the files on their network drive are also locked.
Scenario One Discussion
What happened to this organization? Have they been breached?
Scenario One (continued)
• Is this a crime?
• Must you report the breach to law enforcement?
• Who has jurisdiction?
• How does reporting help?
• What are the down sides of reporting?
• How common is this?
• How do these things get into the company?
• Who are these bad actors?
And Then….
After ransomware was detected, a technician determined that all the corporate information existed on backup and decided to reformat the servers and restore from backups. Then the technician calls you. What issues does this raise?
What Happened?
Forensic Issues
• What difference did it make that the technician reformatted over all the drives?
What Happened? (continued)
IT perspective
• What, if anything, should the technician have done differently?
• How would these different actions have given the company any additional options?
• Given the current situation, is the response enough or must the company address its other systems and in what manner?
IT Suggestions and Concerns
What must you do after a breach and, depending on how the technician responded, what options exist?
• Identify affected systems and information?
• What to do with infected computers?
• How are your backups?
• What else did the malware operator do?
Policy Issues
Depending on how the technician responded:
• Without police involvement, is there a basis to delay notification if the company finds that it has a duty to report?
• Should the company assume that any PII on the system has been stolen?
• If so, what duties does it now have?
Policy Issues (continued)
Cyber insurance – is coverage impacted?
Notification issues
o Does the fact that ransomware was installed trigger a notification duty if there was protected private information on the system?
o How do you assess what information or data types were on the system?
o Regulator, state and federal laws and reporting requirements
o Contractual obligations
o Business considerations
What Happened? (continued)
How else is the company affected?
• Publicity
• Direct Costs. According to the Ponemon 2015 Cost study, a breach costs $12.60/record.
• Indirect costs
Risk Reduction Strategies
How would an incident or breach response plan have aided in this situation?
Breach Response Team and Issues
Who needs to be involved from within the organization to build a response plan?
Communication / notification considerations
• Legal team and security consultants
• Management team
• Brand issues
• Customer issues
• Law enforcement
Board issues
Discussion Topics
• What is a bitcoin and where do I get one?
• Is paying the ransom so bad?
May 8, 2016 June 22, 2016
Risk Reduction Strategies
IT Considerations
Surveillance of your network
• Who is on it and does it make sense?
• What accounts are enabled?
• Is there a thoughtful allocation of rights on the system?
• How is the network configured?
• Is there separation between different groups to contain loss?
• What rights do users have and are they restricted?
• Are there any controls and processes in place to limit what can be connected to the network?
Risk Reduction Strategies
Technical Considerations
• Network segmentation
• User rights
• Data encryption
• End to end data visibility and management
• Surveillance and logging
• Red teaming and Pen Testing – Checking a box is not enough
• Other options
Risk Reduction Strategies (continued)
Policy Considerations
ISO27001; NIST; COBIT; etc.
How is confidential information treated?
• Encryption?
Contractual and industry requirements
Legal requirements (SEC, HIPAA, FTC…)
Discussion Topics (continued)
Human Considerations
• Social Engineering Testing
• Test the Incident Response Plan
• User training
• Behavior focused handbooks
The HB Access team wants to work with you to build your business by helping you understand your Information Security (Infosec) risk in the same way you understand your other risks. Our integrated team understands your business needs and will tailor your policy, human capital and technology Infosec approaches to enable you to build and not stop your efforts. We will tell you how when the industry tells you don’t.
[Diagram: HB Access: Policy, Human Systems, Technical]
Improving your InfoSec HB Access℠
Combined Risk Assessment
Infosec enables a company to do business by enabling the access, storage and distribution of data that must remain secure. Understanding the lifecycle risk of data is crucial to the operation of any modern business. Typical approaches to Infosec risk apply industry standards without individual business context or policy standards without technical context.
[Diagram labels: Technical Assessment; Policy / Regulatory Assessment; Human Systems Assessment; Combined Risk Assessment]
HB Access℠ Service Overview
PROACTIVE PROTECTION ANALYSIS
Initial Assessment
• Meet with key stakeholder
• Identify and develop visions and goals
Compliance Issues
• Consult on compliance requirements
• Draft policies
• Review contracts
• Advise on issues of non-compliance
Risk Assessment
• Technical
• Administrative
• Red Teaming
• Physical
LOSS MITIGATION
Insurance Counseling
• Insurance and contract evaluations
• Analysis on risk level and exposure
Employee Education & Awareness
• Design training programs
• Develop and revise employee manuals
Crisis Readiness
• Evaluate / develop Incident Response
• Communication and media training
• Business Recovery Planning
POST BREACH RESPONSE
Immediate Crisis Response
• Detect and eliminate security breach
• Consult on notification requirements
Claims Response
• Develop claims response program
• Negotiate and audit claims services
• Facilitate legal representation
Final thoughts and Questions?
For more information write:
Tad Mielnicki [email protected]
Alexander Rosati [email protected]
Rick Shutts [email protected]
Alan Winchester [email protected]
HB|Solutions: 866.820.3167