Cybersecurity Today CYBERSECURITY IN TODAY’S WORLD
Cyberattacks in Wyoming Medical Facilities Local Government Schools Law Enforcement Media Outlets
The threat and how to think about it ► Ransomware has rapidly emerged as the most visible cybersecurity risk. ► Private sector ► Government agencies
FBI – Public Service Announcement ► Alert number I-100219-PSA Dated October 2, 2019 ► If my system is infected, should I pay the ransom? Should I contact the FBI? ► The FBI does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data. In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key. ► Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. ► Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.
Actions for today – Don’t be tomorrow’s headline ► Prioritize assets and processes ► Identify cyber risks ► Plan security controls and response plans ► Implement security controls and response plans ► Monitor the progress
Actions for today – Don’t be tomorrow’s headline ► Backup your data, system images and configurations. ► Keep backups offline ► Awareness training for all staff ► Update and patch systems ► Make sure your security solutions are up to date ► Review and exercise your incident response plan ► Pay attention to ransomware events and apply lessons learned ► Explore the option of cyber insurance through your agent
Building an Incident Response Plan ► Determine authority to call an incident ► Assign IRT responsibilities ► Do not assign severity levels ► Establish communications procedures and responsibilities ► Gather pertinent information ► Outline the process ► Review and test the plan
Actions to recover if impacted – Don’t let a bad day get worse ► Ask for help ► Work with an experienced advisor to help recover ► Isolate the infected systems and phase your return to operations ► Review the connections of any business relationships (customers, partners, vendors) that touch your network ► Apply business impact assessment finds to prioritize recovery
Actions to secure your environment – Don’t be an easy mark ► Practice good cyber hygiene; backup, update, whitelist apps, limit privilege and use multifactor authentication ► Segment your networks; make it hard for bad guys to move around and infect multiple systems ► Develop containment strategies; if bad guys get in, make it hard for them to get stuff out ► Know your system’s baseline for recovery ► Review disaster recovery procedures and validate goals
Cybersecurity road map ► Tier 1 – Have you communicated the importance of cybersecurity to your business? ► Has your business begun to follow basic cybersecurity best practices? ► Tier 2 – Are you implementing a leadership-driven, company-wide cybersecurity program? ► Have you integrated cybersecurity with risk management processes ► Tier 3 – Are you evaluating your cybersecurity posture and capabilities? ► Are you participating in an information sharing forum to gain insights and strategies? ► Tier 4 – Have you trained your staff to prevent, detect and respond to cyber incidents? ► Are you utilizing cyber defense technologies to support your operation?
Questions? LELAND CHRISTENSEN WYOMING OFFICE OF HOMELAND SECURITY 307-777-4900
Recommend
More recommend
