Cybersecurity: What you need to know (PowerPoint PPT Presentation)



SLIDE 1

Cybersecurity

What you need to know

SLIDE 2

Agenda

  • Introduction – Kevin Bobroske
  • What is cybersecurity?
  • Why should I care?
  • What can I do about it?
  • High level cyber framework overview
  • Summary + QA
  • Fun stuff
SLIDE 3

BIO

Kevin Bobroske

  • MBA, Digital Technology Management
  • Certified Information Security Manager (CISM)
  • 25-year IT professional
  • 15 years in Information Security/Cybersecurity
  • CTO for a multinational financial services company
  • Co-Founder, Dream Technology Solutions

SLIDE 4

What is Cybersecurity

Definition of cybersecurity: The practice of protecting systems, networks, and programs from digital attacks.

Confidentiality, Integrity and Availability (CIA Triad)

  • C – Confidentiality: limit access to information
  • I – Integrity: assurance that the information is trustworthy and accurate
  • A – Availability: guarantee of reliable access to the information by authorized people

SLIDE 5

Who are the bad actors

SLIDE 6

What’s it worth

SLIDE 7

The digital age has revolutionized the way we do work

  • Worldwide spending on technology reached $3,360 billion in 2019. (Statista, 2019)
  • 50% of technology growth worldwide is because of emerging technologies such as IoT software and hardware, AR/VR, SaaS+PaaS, robotics, AI, big data, and next-gen security. (CompTIA, 2018)
  • There are 4.4 billion active internet users worldwide, that is 58% of the global population. (Statista, 2019)
  • Statistics show that there are 1 million new internet users each day. (We are Social, 2019)

SLIDE 8

The growing concern

The rate of cybercrime has grown exponentially, in step with the growth of technology

  • More than 90,000 websites are hacked daily. (Hosting Facts, 2019)
  • 31% of companies have had their operational technology infrastructure compromised. (Cisco Cybersecurity Report, 2019)
  • A company falls victim to a ransomware attack every 14 seconds. (Cybersecurity Ventures, 2017)
  • 73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete. (Black Hat Survey, 2017)

SLIDE 9

Does my IT have my security covered?

Cybersecurity / Managed Security Service Provider (MSSP)

  • Ensures your information systems and data are NOT useful to anyone but your employees and customers
  • Primary focus is cybersecurity
  • Prevents, detects and responds to threats across your infrastructure, network and applications
  • Expertise in aligning security with compliance frameworks

IT / Managed Service Provider (MSP)

  • Ensures your information systems and data are available and useful to your employees and customers
  • Primary focus is administration
  • Engaged for usability and performance issues

SLIDE 10

Why traditional IT is losing the race

Its approach is fundamentally flawed for protecting against modern threats

  • Focused on keeping bad people out
  • Predicated on an "us vs. them" approach
  • Assumes that malicious actors from "outside" groups can be detected and blocked
  • Firewalls and antimalware defenses are still necessary, but they aren't enough to keep businesses safe
  • Modern businesses need to define a new perimeter based on identity, one that secures company resources wherever they are located, including users, devices, apps, data, and infrastructure

SLIDE 11

It’s not just a big company problem

  • 43% of online attacks are now aimed at small businesses (2019 Data Breach Investigations Report)
  • In 2018, 67% of small to medium-sized businesses fell prey to a cyberattack (Ponemon's 2018 State of Cybersecurity)
  • Of those small businesses that experienced an attack, 58% suffered a data breach
  • There was a 424% increase in authentic and new breaches of small businesses in 2018 (Identity Breach Report 2018)

SLIDE 12

It’s only a matter of time

It’s not a question of if, but when, an attack will occur. Are you ready?

  • Do you still think you are too small to be a target?
  • Are you able to defend against a zero-day attack?
  • Can you detect a breach in a timely fashion?
  • Do you have an effective incident response plan?
  • Do you have a 3rd party risk management program?
  • Does your executive team view cybersecurity as a business priority?
  • Is your staff accountable for company cybersecurity?

SLIDE 13

Who should care

  • Your customers and shareholders will care, and so should you
  • Directors are charged with the fiduciary duty of overseeing the cyber risk preparations and defenses of their companies
  • Governing bodies and privacy laws are cracking down
  • Cybersecurity is everyone’s responsibility

SLIDE 14

What now

  • Own the problem, own the solution
  • The first step is recognizing that this is a growing concern among small and medium businesses and it’s not going away
  • Get the entire organization on board
  • Start with the basics and grow from there
  • Education and training
  • Seek help as needed

SLIDE 15

Why is it important

  • Privacy laws are getting more stringent and will continue to do so
  • The federal government is following Europe by cracking down on privacy breaches
  • Failure to report significant breaches to the Office of the Privacy Commissioner (OPC) could result in $100k in fines
  • The average cost of a data breach for small companies is between $80k and $150k
  • 60% of small businesses go out of business within six months after a breach

SLIDE 16

Own the problem

  • No matter where your data is stored, it was gathered and stored for the purpose of your business, and you own it
  • You can outsource your business services, but you can’t outsource your responsibility
  • 3rd party processors and MSPs need to adhere to YOUR security standards

SLIDE 17

What can you do about it

  • Perform a cybersecurity risk assessment
  • Select a framework (NIST CSF, PCI DSS, CIS Controls, ISO 27001, etc.)
  • Determine your risk posture
  • Define the scope
  • Identify your threats and attack paths
  • Identify your digital assets
  • Perform an assessment of current control sets
  • Create a gap assessment
  • Propose and evaluate safeguards as needed
  • You don’t need to go it alone; seek professional help

SLIDE 18

Focus on the crown jewels

You can’t protect everything, so focus on the most important data.

Know where your data is and how it’s protected.

Take a risk-based approach as you define your cybersecurity strategy.
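The two slides above describe a procedure (define scope, identify assets and threats, assess current controls, produce a gap list, propose safeguards) and the principle of prioritising by risk. The following is an added worked example, not material from the presentation or from Dream Technology Solutions: a small Python risk register that rates each in-scope asset on the CIA dimensions from slide 4, scores each asset/threat pair by likelihood times impact, discounts it by the controls already in place, and returns the gaps above a stated risk tolerance, highest first, together with the planned-but-unimplemented controls that would close them. All asset names, threats, controls, scores and the tolerance are constructed values for illustration; the scoring scale (1 to 5) and the multiplicative control-effectiveness model are assumptions, not a method the slides prescribe.

```python
"""Risk-based gap assessment: constructed example following the slide's steps
(scope -> assets -> threats -> current controls -> gap list -> safeguards)."""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    in_scope: bool
    confidentiality: int  # 1-5: harm if the data is disclosed
    integrity: int        # 1-5: harm if the data is altered
    availability: int     # 1-5: harm if the data is unavailable

    def impact(self, dimension: str) -> int:
        """Impact score for a CIA dimension ('C', 'I' or 'A')."""
        return {"C": self.confidentiality,
                "I": self.integrity,
                "A": self.availability}[dimension]


@dataclass
class Threat:
    name: str
    affects: str     # which CIA dimension the threat harms
    likelihood: int  # 1-5, assumed annual likelihood rating


@dataclass
class Control:
    name: str
    mitigates: str       # threat name this control addresses
    effectiveness: float  # 0.0-1.0 share of the risk removed when in place
    implemented: bool


def inherent_risk(asset: Asset, threat: Threat) -> int:
    """Risk before any controls: likelihood x impact on the affected dimension."""
    return threat.likelihood * asset.impact(threat.affects)


def residual_risk(asset: Asset, threat: Threat, controls: list) -> float:
    """Inherent risk discounted by every implemented control for this threat.
    Controls combine multiplicatively (an assumption of this example)."""
    remaining = 1.0
    for c in controls:
        if c.mitigates == threat.name and c.implemented:
            remaining *= 1.0 - c.effectiveness
    return inherent_risk(asset, threat) * remaining


def gap_assessment(assets, threats, controls, tolerance):
    """Return (asset, threat, residual risk, missing controls) for each in-scope
    pair whose residual risk exceeds the tolerance, highest risk first."""
    gaps = []
    for a in assets:
        if not a.in_scope:          # scope decision from the slide's step 4
            continue
        for t in threats:
            r = residual_risk(a, t, controls)
            if r > tolerance:
                missing = [c.name for c in controls
                           if c.mitigates == t.name and not c.implemented]
                gaps.append((a.name, t.name, round(r, 2), missing))
    gaps.sort(key=lambda g: g[2], reverse=True)
    return gaps


def sample_data():
    """Constructed inventory for a small business; every value is illustrative."""
    assets = [
        Asset("customer database", True, 5, 4, 3),   # the crown jewels
        Asset("marketing website", True, 1, 3, 3),
        Asset("test lab", False, 2, 2, 1),           # explicitly out of scope
    ]
    threats = [
        Threat("phishing credential theft", "C", 4),
        Threat("ransomware", "A", 3),
        Threat("web defacement", "I", 2),
    ]
    controls = [
        Control("multi-factor authentication", "phishing credential theft", 0.8, False),
        Control("security awareness training", "phishing credential theft", 0.4, True),
        Control("offline backups", "ransomware", 0.7, True),
        Control("web application firewall", "web defacement", 0.5, False),
    ]
    return assets, threats, controls


if __name__ == "__main__":
    assets, threats, controls = sample_data()
    for asset, threat, risk, missing in gap_assessment(assets, threats, controls, tolerance=6):
        print(f"{asset}: {threat} residual={risk} proposed safeguards={missing}")
```

With the constructed data the only gaps reported are on the customer database: phishing (residual 12.0, closed by the planned MFA control) and defacement (residual 8.0, closed by the planned web application firewall). The marketing website carries the same threats but never exceeds the tolerance, which is the "crown jewels" point of the slide: the same threat matters far more against the asset whose CIA impact is highest.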

SLIDE 19

Apply the 5 basic functions

SLIDE 20

Identify

  • Identifying physical and software assets within the organization to establish the basis of an Asset Management program
  • Identifying the Business Environment the organization supports, including the organization's role in the supply chain and the organization's place in the critical infrastructure sector
  • Identifying cybersecurity policies established within the organization to define the Governance program, as well as identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization
  • Identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities as a basis for the organization's Risk Assessment
  • Identifying a Risk Management Strategy for the organization, including establishing risk tolerances
  • Identifying a Supply Chain Risk Management strategy, including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks

SLIDE 21

Protect

  • Use of Identity Management and Access Control within the organization, including physical and remote access
  • Empowering staff within the organization through Awareness and Training, including role-based and privileged user training
  • Establishing Data Security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information
  • Implementing information protection processes and procedures to maintain and manage the integrity of information systems and assets
  • Protecting organizational resources through Maintenance activities, including remote maintenance
  • Managing protective technology to ensure the security and resilience of systems and assets are consistent with organizational policies, procedures, and agreements

SLIDE 22

Detect

  • Ensuring anomalies and events are detected, and their potential impact is understood
  • Implementing security continuous monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures, including network and physical activities
  • Maintaining detection processes to provide awareness of anomalous events

SLIDE 23

Respond

  • Ensuring Response Planning processes are executed during and after an incident
  • Managing Communications during and after an event with stakeholders, law enforcement, and external stakeholders as appropriate
  • Analysis is conducted to ensure effective response and support recovery activities, including forensic analysis and determining the impact of incidents
  • Mitigation activities are performed to prevent expansion of an event and to resolve the incident
  • The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities

SLIDE 24

Recover

  • Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
  • Implementing Improvements based on lessons learned and reviews of existing strategies
  • Internal and external communications are coordinated during and following the recovery from a cybersecurity incident

SLIDE 25

Build a cyber aware culture

  • Practice good cyber hygiene
  • Education and accountability are a shared responsibility
  • Despite the best technology and processes, people are always security’s weakest link
  • Of the reported breaches in 2018, 27% were due to human error, and 25% involved both IT and business process failures (system glitches) (2018 Cost of a Data Breach Study)
  • Most breaches are caused by something someone did or should have done!

SLIDE 26

Cybersecurity in Summary

The practice of protecting systems, networks, and programs from digital attacks.

  • We need to rethink the way we do things
  • Own the problem, own the solution
  • The first step is to take the first step
  • Don’t guess, use a known framework to help you define your strategy
  • Take a risk-based approach, every business is different
  • Be prepared – it will happen to you
  • You aren’t alone
SLIDE 27

Test your skills

SLIDE 28

Fun Stuff

Dark Web Scans

  • https://www.keepersecurity.com/free-data-breach-scan.html
  • https://haveibeenpwned.com/

Malware

  • https://dream-techs.com/?page_id=954

Hacker Maps

  • https://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=18316&view=map
  • https://threatmap.fortiguard.com/
  • https://cybermap.kaspersky.com/
  • https://threatmap.checkpoint.com/
  • https://map.lookingglasscyber.com/

Demo Videos

  • https://www.youtube.com/watch?v=lod_8O53njM
  • https://www.youtube.com/watch?v=CV39QzFpJx4
  • https://www.youtube.com/watch?v=-0ofQsAwF2I
  • https://www.youtube.com/watch?v=lc7scxvKQOo
  • https://www.youtube.com/watch?v=PWVN3Rq4gzw

SLIDE 29

Questions

SLIDE 30

Extra Links

Cyber Frameworks

  • Canada Centre for Cyber Security - https://cyber.gc.ca/en/
  • CIS Controls - https://www.cisecurity.org/controls/
  • NIST - https://www.nist.gov/topics/cybersecurity
  • ISO27001 - https://www.nist.gov/topics/cybersecurity
  • PCI - https://www.pcisecuritystandards.org/
  • COBIT - https://www.isaca.org/resources/cobit

Cybersecurity Organizations

  • ISACA - https://www.isaca.org/why-isaca/about-us
  • SANS - https://www.sans.org/about/
  • CERT - https://www.sei.cmu.edu/about/what-we-do/index.cfm
  • CERIAS - https://www.cerias.purdue.edu/site/about

SLIDE 31

Must Follow

  • Brian Krebs - https://krebsonsecurity.com/
  • Errata Security - https://blog.erratasec.com/
  • Threat Post - https://threatpost.com/
  • Security Boulevard - https://securityboulevard.com/
  • Naked Security - https://nakedsecurity.sophos.com/
  • Security Weekly - https://securityweekly.com/
  • The Security Ledger - https://securityledger.com/
  • Graham Cluley - https://www.grahamcluley.com/
SLIDE 32

Contact

Kevin Bobroske, MBA, CISM
Co-Founder/Director, Dream Technology Solutions
kevin.Bobroske@dream-techs.com
250-744-7973
https://dream-techs.com