Cyber Resilience, OCTOBER 19, 2018, COLUMBIA, SC (PowerPoint PPT Presentation)



SLIDE 1

Financial Planning Association South Carolina

“Cyber Resilience”

OCTOBER 19, 2018 COLUMBIA, SC

SLIDE 2

2 | NCSCYBER.COM

Tom Scott

New Century Solutions LLC | NCS Cyber

Certified Information Systems Security Professional
Certified Information Systems Auditor
Certified in Risk and Information Systems Control
Project Management Professional
Certified Critical Infrastructure Manager

Cyber Resilience Professional

SLIDE 3

SCCYBER.ORG

SLIDE 4

“The Internet has made the world flat.”

SLIDE 5

Computing is an immature industry…

➢ Real Internet or www. begins in the early 1980s.
➢ Just earlier, in 1973, the first network (exclusively run by government and educational institutions) had only 100 nodes on it (meaning 100 different servers were connected).
➢ Late 1980s, CRAY XMP-1 super computer was touted as the fastest computer of all time at 200m calculations per second.
➢ Today’s iPhone 7 is faster.
➢ Windows 10 has 60m lines of code.

SLIDE 6

SCCYBER.ORG

“E-commerce has led to various challenges and opportunities through new technologies.”

SLIDE 7

SLIDE 8

SLIDE 9

SLIDE 10

SLIDE 11

SLIDE 12

MORE HEADLINES

➢ “This case (U.S. v. Hong) of cyber meets securities fraud should serve as a wake-up call…around the world: You ARE and WILL BE targets of cyber-hacking, because you have information valuable to would-be criminals.”
Preet Bharara, US Attorney, SDNY

➢ “I am convinced there are only two types of companies: those that HAVE been hacked AND those that WILL BE… And even they are converging into one category: companies that HAVE been hacked AND will be HACKED AGAIN…”
Robert Mueller, Director, FBI, March 1, 2012

SLIDE 13

SLIDE 14

Large Data Breaches to Date:

➢ Equifax 146M Users
➢ Yahoo 1.5B Users
➢ eBay 145M Users
➢ Target 110M Users
➢ Sony 102M Users
➢ JPMC 76M Users
➢ Anthem/BCBS 80M Users
➢ Home Depot 56M Users
➢ OPM 22.5M Users
➢ Ashley Madison 30M Users

Source: PRIVACYRIGHTS.ORG

SLIDE 15

Computer incident response was once the sole responsibility of the IT department, but as it has become clear that the consequences of a computer incident can threaten an enterprise’s very existence, directors are now being held more accountable. Directors have to be aware that a serious computer incident could result in a number of negative consequences for their enterprise, such as reputational damage or regulatory fines.

SLIDE 16

SLIDE 17

SLIDE 18

SCCYBER.ORG

“…what we have to remember is those who attack are patient, and those that attack never stop trying. So, if that’s the case, we can never stop working to make sure we keep things safe.”
Governor Nikki Haley

SLIDE 19

SLIDE 20

SLIDE 21

75% / 25%

SLIDE 22

“I don’t need a robot army. I intend to use yours.”
Dr. Edward Sobiesk, US Army CCOE

SLIDE 23

70% of cyber attacks target SMBs

50% of SMBs have experienced a cyber attack

60% of SMBs go out of business within 6 months of suffering a cyber attack

ARE YOU AN SMB?

SLIDE 24

Your Organization

SLIDE 25

SLIDE 26

SLIDE 27

MECKLENBURG COUNTY GOVERNMENT

Largest population in North Carolina – over one million residents
Includes City of Charlotte and 6 other towns

Major county services:
  • Health & Human Services
  • Criminal Justice Services
  • Land Use and Environmental Services
  • Parks & Recreation
  • Tax Assessment & Collection

$1.7 Billion Operating Budget

SLIDE 28

Ransomware attack—December 5, 2017

▪ Mecklenburg County network credentials were compromised by cyber criminal(s) using a social engineering phishing attack.
▪ The criminal(s) utilized harvested user sign-on credentials to gain unauthorized access to Mecklenburg County systems.
▪ The criminal(s) then planted ransomware to ‘freeze’ select systems and then demanded payment to ‘unfreeze’ them.
▪ 48 servers encrypted—over 200 systems impacted.

SLIDE 29

Backups: Server team stood up a new database environment & restored database backups for various systems, which ran overnight.

Gained additional insights from various sources regarding potential risks & benefits of paying ransom.

Engaged experts (Microsoft, FBI, Fortalice, TrendMicro, others).

Based on risk/benefit analysis and input from numerous discussions with County Executive Leadership, the decision was made and communicated that:

Mecklenburg County would not pay

https://www.nytimes.com/2017/12/06/us/mecklenburg-county-hackers.html

SLIDE 30

What Went Well

▪ Treated as a County crisis – not an IT issue
  ✓ Daily command center engaged throughout
▪ Communication strategy came from the top – early and with timely frequency (email & telephony was essential)
▪ Had strong back-ups and ability to restore
▪ Had practiced IT and Department COOPs (table top exercises)
▪ Had strong relationship with forensic IT companies (on the job within hours)
▪ Had Cyber Insurance
▪ Got lucky – no data loss

SLIDE 31

Lessons Learned?

▪ If you have valuable data (personal, HIPAA, PCI), provide critical infrastructure services, or have the ability to pay, you are a cybersecurity target – you are probably being watched and tested as we speak.
▪ Cyber criminals are highly sophisticated and persistent – in our case, they spent considerable time looking for a way in, then moved quickly once in.
▪ Your employees will fall for phishing (no matter how much training you do).
▪ Your employees are unaware of file sharing and other social media risks – you may be surprised at how much unauthorized file sharing is going on: personal storage, Dropbox, etc.

SLIDE 32

Lessons Learned

▪ If (when) you are hacked, be aware that your IT access will be blocked (inbound and outbound) by 3rd parties. You will need to prove to each provider that it is safe to restore access (can take weeks).
  ▪ Banks
  ▪ State, Federal, Local systems (even cities and towns within the County)
▪ You will be inundated with assistance and advice (these were unanticipated management communication challenges).
▪ Be prepared for counter attacks.

SLIDE 33

SLIDE 34

SCIDSA

South Carolina Insurance Data Security Act

SLIDE 35

SCIDSA

South Carolina Insurance Data Security Act

Key Dates

January 1, 2019 – Agencies are required to notify the SC DOI Director no later than 72 hours after determining that a cybersecurity event has occurred.

July 1, 2019 – Agencies are required to have established a comprehensive, written Information Security program by July 1, 2019. Section 38-99-20

July 1, 2020 – Agencies are required to have vetted their supply chain’s implementation of administrative, technical and physical controls to safeguard their Information Systems storing agency Non-Public Data. Section 38-99-20(F)

February 15, 2020 – Agencies operating in South Carolina must submit to the SC DOI Director a written statement certifying that the insurer complies with the requirements set forth in the Act. Section 38-99-20(H)(2)(1)

SLIDE 36

SCIDSA

South Carolina Insurance Data Security Act

Key Requirements

➢ Risk Assessment
➢ Comprehensive Written Information Security Program, including an Incident Response Plan
➢ Chief Information Security Officer appointed to oversee the Information Security Program
➢ Annual reporting by CISO to Board of Directors or Owner(s)
➢ Annual reporting to SC Department of Insurance

SLIDE 37

SCIDSA

South Carolina Insurance Data Security Act

Is Outsourcing Compliance Right For You?

Insurance agents routinely identify and calculate risks when developing a client’s policy, be it health, auto, or life.*

Assessing cybersecurity risks follows a similar path of identifying risks and corresponding threats by answering these questions:

➢ What are the known risks within your business?
➢ What are your business’s unidentified risks?
➢ What are the existing and evolving threats?
➢ What are you doing to effectively counter threats?
➢ Are you managing the risks to your business?

* Dragoon Security Group

SLIDE 38

SCIDSA

South Carolina Insurance Data Security Act

How We Can Help

NCS Cyber has commissioned a feasibility study and corresponding guide describing the SC Insurance Data Security Act and its impact on licensees of the SC Department of Insurance.

Toolkit:
  • Roadmap Guide
  • Sample Request for Proposals (RFP)
  • Resource Connections

NCS Cyber brings decades of experience building and maturing Information Security Programs in highly regulated industries, both public and private sector. Our ability to connect with industry partners and deliver solutions necessary for organizations to manage their cyber risk has kept us at the forefront of the cybersecurity field.

SLIDE 39

How Are You Managing Your Risks?

SLIDE 40

Security Measures Against Ransomware

➢ Anti-virus signatures: Selection and deployment of anti-virus signatures are critical.
➢ Monitoring: Updating patches is critical to protect against new variants.
➢ Containment Plan: If compromised, have your response ready, which starts with containment.
➢ Response Plan: Must address three (3) key issues:
  ˃ Whether and how to pay the ransom
  ˃ How to interact with law enforcement
  ˃ How to restore operations
  ˃ Backup does not equal file retrieval

SLIDE 41

What does Cyber Insurance Cover?

➢ Defense and indemnity for alleged liability due to a cyber or privacy incident (LIABILITY)
  ➢ Cyber incident = failure of insured’s computer system security
  ➢ Privacy incident = failure to protect confidential information
➢ Coverage for investigating and mitigating a cyber or privacy incident (EVENT RESPONSE)
➢ Coverage for business interruption due to a cyber incident (BUSINESS INTERRUPTION)
➢ Coverage for threats to harm a network or release confidential information (CYBER EXTORTION)
➢ All insurance is based on systems employed

SLIDE 42

SLIDE 43


SLIDE 44

Parting thoughts…

SLIDE 45

THANK YOU

SLIDE 46

SCCYBER.ORG