Cybersecurity What you need to know Agenda Introduction Kevin - PowerPoint PPT Presentation


  1. Cybersecurity What you need to know

  2. Agenda
     • Introduction – Kevin Bobroske
     • What is cybersecurity?
     • Why should I care?
     • What can I do about it?
     • High level cyber framework overview
     • Summary + QA
     • Fun stuff

  3. BIO: Kevin Bobroske
     • MBA Digital Technology Management
     • Certified Information Security Manager (CISM)
     • 25 year IT professional
     • 15 years in Information Security/Cybersecurity
     • CTO for Multinational Financial Services Company
     • Co-Founder Dream Technology Solutions

  4. What is Cybersecurity
     Definition of cybersecurity: The practice of protecting systems, networks, and programs from digital attacks.
     Confidentiality, Integrity and Availability (CIA Triad):
     • C - limit access to information
     • I - assurance that the information is trustworthy and accurate
     • A - guarantee of reliable access to the information by authorized people

  5. Who are the bad actors

  6. What’s it worth

  7. The digital age has revolutionized the way we do work
     • The worldwide spending on technology reached $3,360 billion in 2019. (Statista, 2019)
     • 50% of technology growth worldwide is because of emerging technologies such as IoT software and hardware, AR/VR, SaaS+PaaS, robotics, AI, big data, and next-gen security. (CompTIA, 2018)
     • There are 4.4 billion active internet users worldwide, that’s 58% of the global population. (Statista, 2019)
     • Statistics show that there are 1 million new internet users each day. (We are Social, 2019)

  8. The growing concern: The rate of cybercrimes has grown exponentially and is consistent with the growth of technology
     • More than 90,000 websites are hacked daily. (Hosting Facts, 2019)
     • 31% of companies have had their operational technology infrastructure compromised. (Cisco Cybersecurity Report, 2019)
     • A company falls victim to a ransomware attack every 14 seconds. (Cybersecurity Ventures, 2017)
     • 73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete. (Black Hat Survey, 2017)

  9. Does my IT Service Provider have my security covered?
     Cybersecurity Service Provider:
     • Ensures your information systems and data are NOT useful to anyone but your employees and customers
     • Primary focus is cybersecurity
     • Prevents, detects and responds to threats across your infrastructure, network and applications
     • Expertise in aligning security with compliance frameworks
     Managed IT/Managed Service Provider:
     • Ensures your information systems and data are available and useful to your employees and customers
     • Primary focus is administration
     • Engaged for usability and performance issues

  10. Why traditional IT is losing the race: It is fundamentally flawed to protect against modern threats
     • Focused on keeping bad people out
     • Predicated on us vs them approach
     • Assumes that malicious actors from “outside” groups can be detected and blocked
     • Firewalls and antimalware defenses are still necessary but aren’t enough to keep businesses safe
     • Modern businesses need to define a new perimeter based on identity that secures company resources that are located anywhere; including users, devices, apps, data, and infrastructure.

  11. It’s not just a big company problem
     • 43% of online attacks are now aimed at small businesses (2019 Data Breach Investigations Report)
     • In 2018, 67% of small to medium-sized businesses fell prey to a cyberattack (Ponemon's 2018 State of Cybersecurity)
     • Of those small businesses that experienced an attack, 58% suffered a data breach
     • There was a 424% increase in authentic and new breaches of small businesses in 2018 (Identity Breach Report 2018)

  12. It’s only a matter of time: It’s not if, it’s when an attack will occur. Are you ready?
     • Do you still think you are too small to be a target?
     • Are you able to defend against a zero-day attack?
     • Can you detect a breach in a timely fashion?
     • Do you have an effective incident response plan?
     • Do you have a 3rd party risk management program?
     • Does your executive view cybersecurity as a business priority?
     • Is your staff accountable for company cybersecurity?

  13. Who should care
     • Your customers and shareholders will care and so should you
     • Directors are charged with the fiduciary duty of overseeing the cyber risk preparations and defenses of their companies
     • Governing bodies and privacy laws are cracking down
     • Cybersecurity is everyone’s responsibility

  14. What now
     • Own the problem, own the solution
     • The first step is recognizing that this is a growing concern among small and medium businesses and it’s not going away
     • Get the entire organization on board
     • Start with the basics and grow from there
     • Education and training
     • Seek help as needed

  15. Why is it important
     • Privacy laws are getting more stringent and will continue to do so
     • The federal government is following Europe by cracking down on privacy breaches
     • Failure to report significant breaches to the Office of the Privacy Commissioner (OPC) could result in $100k in fines
     • The average cost of a data breach for small companies is between $80k-$150k
     • 60% of small businesses go out of business within six months after a breach

  16. Own the problem
     • No matter where your data is stored, it was gathered and stored for the purpose of your business and you own it
     • You can outsource your business services, but you can’t outsource your responsibility
     • 3rd party processors and MSPs need to adhere to YOUR security standards

  17. What can you do about it
     • Perform a cybersecurity risk assessment
     • Select a framework (NIST CSF, PCI DSS, CIS Controls, ISO 27001 etc.)
     • Determine your risk posture
     • Define the scope
     • Identify your threats and attack paths
     • Identify your digital assets
     • Perform assessment of current control sets
     • Create gap assessment
     • Propose and evaluate safeguards as needed
     • You don’t need to go it alone, seek professional help

  18. Focus on the crown jewels
     • You can’t protect everything, focus on the most important data
     • Know where your data is and how it’s protected
     • Take a risk-based approach as you define your cybersecurity strategy

  19. Apply the 5 basic functions

  20. Identify
     • Identifying physical and software assets within the organization to establish the basis of an Asset Management program
     • Identifying the Business Environment the organization supports, including the organization's role in the supply chain and the organization's place in the critical infrastructure sector
     • Identifying cybersecurity policies established within the organization to define the Governance program, as well as identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization
     • Identifying asset vulnerabilities, threats to internal and external organizational resources, and risk response activities as a basis for the organization's Risk Assessment
     • Identifying a Risk Management Strategy for the organization, including establishing risk tolerances
     • Identifying a Supply Chain Risk Management strategy, including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks

  21. Protect
     • Use of Identity Management and Access Control within the organization, including physical and remote access
     • Empowering staff within the organization through Awareness and Training, including role based and privileged user training
     • Establishing Data Security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information
     • Implementing information protection processes and procedures to maintain and manage the integrity of information systems and assets
     • Protecting organizational resources through Maintenance activities, including remote maintenance
     • Managing protective technology to ensure the security and resilience of systems and assets are consistent with organizational policies, procedures, and agreements

  22. Detect
     • Ensuring anomalies and events are detected, and their potential impact is understood
     • Implementing security continuous monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures, including network and physical activities
     • Maintaining detection processes to provide awareness of anomalous events

  23. Respond
     • Ensuring Response Planning processes are executed during and after an incident
     • Managing Communications during and after an event with stakeholders, law enforcement, and external stakeholders as appropriate
     • Analysis is conducted to ensure effective response and support recovery activities, including forensic analysis and determining the impact of incidents
     • Mitigation activities are performed to prevent expansion of an event and to resolve the incident
     • The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities

  24. Recover
     • Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
     • Implementing Improvements based on lessons learned and reviews of existing strategies
     • Internal and external communications are coordinated during and following the recovery from a cybersecurity incident
